Tag Archives: cybersecurity

Wow, after a few years of coding I went to a conference organised by OWASP. I always liked the ability to find a leak or exposure and even sometimes make fixes for it. But then again, I’m a software engineer and that’s what we’ll do, create and fix code. Or not? After the first keynote they had my full focus. I was already interested in the security aspect, but after this the curiosity was burning inside me. I want to know more; no one ever told me there was this world of people who actually care about security. Whether it was pen-testing or baseline scanning, even the OWASP Top 10 becomes a lot more interesting when you’ve been to such a conference. But then the most embarrassing moment of my professional career happened. I went to a speaker after his presentation and started asking questions about the topic and the…


Not all developers know how to implement SSL certificates in a Java environment, or the difference between the server-side truststore and the client-side keystores. This post is therefore devoted to clarifying how this kind of security works. If you wish to implement this, I will assume you have configured your Java installation successfully, which by my understanding means: a JDK is installed; the JAVA_HOME environment variable is configured correctly; the JDK you wish to use is configured as the default JDK. First of all, the definition of the names: cacerts – Certificate Authority Certifications – TrustStore; jks – Java keystore – KeyStore. The truststore is used to check certificates on incoming requests of the application, while the keystore(s) are there to let others know you can be trusted and to bind certificates to outgoing traffic of your application. Do you need to read that sentence a couple of times before it really…
