Security

Article

It has long been recognized that unconstrained growth of memory usage constitutes a potential denial of service vulnerability. Qualys has shown that such unconstrained growth can be combined with other vulnerabilities and exploited in ways that are more serious. Typically, the heap and stack of a process start at opposite ends of the unused address space and grow towards each other. This maximizes the flexibility to grow the regions over the course of execution of the program without apriori knowing...

JBoss Application Server ships with PicketLink module for enabling SAML based SSO. PicketLink is an open source module and it is SAML v2.0 complained, for more information about 'PicketLink' please visit picketlink.org. Now the requirement is to enable SAML based SSO in JBoss Application Server where IDP is OKTA. Before we start enabling this, one should have an OKTA organization, a free developer organization can be created here. If you already have an OKTA organization, you need to set up...

To the average web developer, a hacker may seem simply like a nuisance, easily avoidable with the implementation of security standards and encryption methods. However, to many Americans nationwide, hackers are often defined as “super geniuses” which can “crack” into anything and terrorize our world. The main reason for this somewhat misguided interpretation of the hacking community is the fact that the media typically portrays these individuals as coffee-guzzling, cigarette-smoking rebels dressed in black, hiding in shadows, and wreaking havoc...

Managing the security of your projects applications can be an overwhelming and unmanageable task. In today's world, the number of newly created frameworks and languages is continuing to increase and they each have their own security drawbacks associated with them. The wide variety of security scanners available can help find vulnerabilities in your projects, but some scanners only work with certain languages and they each have different reporting output formats. Creating reports for customers or managers and viewing analytics using...

Related Blog Post : https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-applications-with-keycloak/ Support Github repo : https://github.com/sebastienblanc/spring-boot-keycloak-tutoria Although security and identity management is a crucial aspect for any application, its implementation can be difficult. Worse, it is often neglected, poorly implemented and intrusive in the code. But lately, Identity Management servers has appeared which allow to outsource and delegate all authentication and authorization aspects. Of these servers, one of the most promising is Keycloak, open-source, flexible and agnostic of any technology, it is easily deployable / adaptable in its own infrastructure. In this session, I propose you to discover KeyCloak progressively and in an interactive way: 0 slide, 100% live coding."

Learn how to use a centralized authentication service to secure many different microservices.

Corinne takes us through Swift development with AeroGear and how to use the new OAuth2 library to authenticate against Google Services. She also shows how to use Keycloak to secure REST endpoints and access them via AeroGear.

Keycloak is a new open source authentication server for cloud, mobile and html5. With loads of features, including single-sign on, social login, account management console, account workflows, fully featured admin console, OAuth2 and OpenShift cartridge to name a few. The first alpha has recently been released, with loads more features planned for the future. Keycloak also provides support for role based authorization and supports granting access to third party applications. This talk gives a comprehensive introduction to Keycloak and its features, as well as discuss how easily you can add authentication to your applications. There will also be an extensive live demo. Stian Thorgersen is a Senior Software Engineer at Red Hat. He co-leads the Keycloak project together with Bill Burke, and is also the security lead on another new open source project. Stian also has many years of experience in cloud solutions.

What is Keycloak? Although security is a crucial aspect of any application, its implementation can be difficult. Worse, it is often neglected, poorly implemented and intrusive in the code. But lately, security servers have appeared which allow for outsourcing and delegating all the authentication and authorization aspects. Of these servers, one of the most promising is Keycloak, open-source, flexible, and agnostic of any technology, it is easily deployable/adaptable in its own infrastructure. Moreover, Keycloak is more than just an authentication...

Technology is an ever-expanding market full of opportunity and dedicated to making our lives more convenient and advanced in the process. Countless companies across the world have recognized the power in embracing technology to survive and prosper and, with this being said, the world has never been more advanced than it is today — with a future as bright as the people creating it. Furthermore, although many people believe that the modern generation is completely out of their minds and...

... with APIs, OpenID, and Microservices, Daria Mayorova and Mark Cheshire from Red Hat 3Scale shared their presentation on how to construct microservice-based applications with the benefits of API management. Some general characteristics of microservices include: componentization via service organized around business capabilities smart endpoints design for failure decoupling of components Typically, microservices are divided into to two general architectural buckets: Inner Architecture Any service communication with other microservices within a larger service boundary (think intra-application communication). Outer Architecture Border...

Expanding on Tristan's blog, where he spoke of enabling security for JBoss Data Grid caches, in this post we will cover how to add LDAP based security to the JDG caches. The principles and techniques remain defined by Tristan, but there are some minor changes that I will be highlighting in this blog for a successful working configuration of JDG enabled with LDAP security. Before we jump on to configuring the JDG for security, I would like to brush up...

Article

Introduction Dependency management isn’t anything new, however, it has become more of an issue in recent times due to the popularity of frameworks and languages, which have large numbers of 3rd party plugins and modules. With Node.js, keeping dependencies secure is an ongoing and time-consuming task because the majority of Node.js projects rely on publicly available modules or libraries to add functionality. Instead of developers writing code, they end up adding a large number of libraries to their applications. The...

Article

Since I've learned about nftables, I heard numerous times that it would provide better performance than its designated predecessor, iptables. Yet, I have never seen actual figures of performance comparisons between the two and so I decided to do a little side-by-side comparison. Basically, my idea was to find out how much certain firewall setups affect performance. In order to do that, I simply did a TCP stream test between two network namespaces on the same system and then added...

Article

A few months ago, I had to write some internal GCC passes to perform static analysis on the GNU C Library (glibc). I figured I might as well write them as plugins since they were unlikely to see the light of day outside of my little sandbox. Being a long time GCC contributor, but having no experience writing plugins I thought it'd be a good way to eat our own dog food, and perhaps write about my experience. Unfortunately, I...

Web developers and IT professionals are the foundations of any quality business’ data security. However, with technology constantly changing and evolving as well as becoming more consumer-friendly, this data’s vulnerability only increases and it can often be hard to even notice how this new technology can actually affect your company until it occurs. Despite this, ignorance to modern hacking techniques does not refute their inability to transform even the smallest of devices into a weapon with which to infect or...

2016 was certainly an interesting year and, although we could probably discuss the election alone for an hour, there is one particular epidemic which has plagued the developer community in more ways than we probably care to mention. It seems as though even the best data encryption and reformatting of SSD’s is slowly becoming not enough when it comes to the continuous evolution of the hacker community and this is a pretty unsettling situation. In fact, in the first six...

Article

In 2016, many improvements happened in the ABI static analysis framework that is Libabigail. In this article we'll present how fedabipkgdiff, a new Libabigail tool can help Fedora users, developers and others to analyze ABI changes of libraries carried by packages of the distribution. Introduction As many of you already know, the engine used to build RPM packages in the Fedora build system is named Koji. Thus, one can get Fedora RPMs from Koji using a web browser. In that...

Article

Hash tables are an important part of dynamic programming languages. They are widely used because of their flexibility, and their performance is important for the overall performance of numerous programs. Ruby is not an exception. In brief, Ruby hash tables provide the following API: insert an element with given key if it is not yet on the table or update the element value if it is on the table delete an element with given key from the table get the...

Article

This article describes the steps required to add buffer overflow protection to string functions. As a real-world example, we use the strlcpy function, which is implemented in the libbsd library on some GNU/Linux systems. This kind of buffer overflow protection uses a GNU Compiler Collection (GCC) feature for array size tracking (“source fortification”), accessed through the __builtin_object_size GCC built-in function. In general, these checks are added in a size-checking wrapper function around the original (wrapped) function, which is strlcpy in...

Part 2 of 2 In part one of this blog post, we mentioned a pain point in Container based environments. We introduced SCAP as a means to measure compliance in computer systems and introduced ManageIQ as a means of automating Cloud & Container based workflows. Tutorial: Using the OpenSCAP integration in ManageIQ In ManageIQ we have been working on leveraging OpenSCAP to show container images that infringe known vulnerabilities based on the latest CVE content distributed by Red Hat. Integrating...

Part 1 of 2 "Docker is about running random crap from the Internet as root on your host" - Dan Walsh Do you trust your containers? In container-based development flows, a developer will create an image to be the base for an application. Images are stateless, read only, and they are built in layers. These layers represent everything in an application's runtime environment but the kernel, which will be “borrowed” from the hosting machine. Such layers include distribution, packages, environment...

This is the first part of a 2 part article, part 2 (End To End Encryption With OpenShift Part 2: Re-encryption) will be authored by Matyas Danter, Sr Consultant with Red Hat, it will be published soon. This article aims to demonstrate use cases for Openshift routes to achieve end-to-end encryption. This is a desirable and sometimes mandated configuration for many verticals, which deal with strict regulations. For example, financial sectors often are extremely careful about their application security standards...

Wanting to become familiar with nftables, I decided to jump in at the deep end and just use it on my local workstation. The goal was to replace the existing iptables setup, ideally without any drawbacks. The following essay will guide you through what I have done in order to achieve that. In order to be able to follow, you should already be familiar with iptables and at least have a rough idea of what nftables are. I don't see...

Security

Products

Build

Quicklinks

Communicate

RED HAT DEVELOPER

Red Hat legal and privacy links

Red Hat legal and privacy links

Report a website issue