A Ponemon Institute report showed that 71% of developers believed that security was not adequately addressed during the software development lifecycle. This figure is revealing as it demonstrates that developers view security as a development priority, yet you often feel unequipped to engage.
The relationship between security and developers has traditionally been like two teams competing at a tug-of-war. On one end, as developers, you are pulling to produce functional products as fast as possible. You don’t want to be told what to do and definitely do not want the security teams to get in the way of developing code. On the other end, security is pulling to ensure the product is as secure as possible.
Writing secure code should be at the top of your minds, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind.
The good news is that you have a great resource to help with secure programming! On the Red Hat Developer Program website, you will find numerous tools that can help you code with security in mind, such as:
Continue reading “Red Hat Developer Program introduces new topic on secure programming”
According to Wikipedia, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data.
Entropy is often overlooked, misconfigured or forgotten, and a shortage of it can manifest as sporadic errors such as timeouts, refused connections, etc. Such errors are difficult to debug because they happen only when there is not enough entropy available.
This article tries to explain briefly how to check if this can be a problem in a RHEL system and how to fix it.
It has long been recognized that unconstrained growth of memory usage constitutes a potential denial of service vulnerability. Qualys has shown that such unconstrained growth can be combined with other vulnerabilities and exploited in ways that are more serious.
Continue reading “Stack Clash Mitigation in GCC — Background”
JBoss Application Server ships with the PicketLink module for enabling SAML-based SSO. PicketLink is an open source module and it is SAML v2.0 compliant; for more information about PicketLink please visit picketlink.org.
Now the requirement is to enable SAML-based SSO in JBoss Application Server where the IDP is OKTA.
Continue reading “Integrating PicketLink with OKTA for SAML based SSO”