1
vote
1 answer
51 views

Java applet authenticity problem

I implemented an applet in Java to authenticate users at my website by the usage of MIFARE cards and everything is working well. However, I am concerned about the applet's authenticity, in other words, ...
2
votes
1 answer
186 views

What is the best practice for storing a secret on the cloud?

This post on Securing Java Application Data for Cloud Computing offers a good introduction to using a Java KeyStore for securing encrypted data in the cloud. It neglects, however, to answer the ...
0
votes
1 answer
37 views

How does the e-signature verification process work?

I have a web application in which the users will be signing an HTML report. I know how the digital signature authentication works. But here the user will literally be signing the document (so, should ...
0
votes
0 answers
44 views

Can Jasper files be used as shells to attack java web apps?

JasperReports is an open source Java reporting tool that can write to a variety of targets, such as: screen, a printer, into PDF, HTML, Microsoft Excel, RTF, ODT, Comma-separated values or XML ...
1
vote
1 answer
72 views

Client vs Server security for business critical application (crossplatform)

We have the option to develop a software either based on Java (but then it is only available for desktop clients using Java SE and can run maybe also as tomcat app can be multithreaded, stable, ...
2
votes
3 answers
227 views

Microsoft password strength checker

I typed in my password in Microsoft password strength checker website. Could it now be possible for someone to recover that password from my computer?
5
votes
1 answer
308 views

Practices for storing username/password in Web applications

I have read the following question: Storing password in Java application but I don't find the answers useful for my case. So here is my question somehow related to that. I have a Java Web application ...
4
votes
3 answers
288 views

Vulnerable java applications

I am looking for some open source/free vulnerable Java-based applications. It can be a web application, desktop application or any other. I need them to do some experiments in my research work. They ...
3
votes
1 answer
183 views

Multibyte Character Exploits JSP/PostgreSQL

I am trying to secure a web application, written in Java/JSP and running on PostgreSQL, against SQL injection. I ran into this very interesting answer, which refers to PHP and MySQL. Is there any ...
3
votes
0 answers
255 views

When to move from Container managed security to alternatives like Apache Shiro, Spring Security? [closed]

I am trying to secure my application which is built using JSF 2.0. I am confused about when people choose to go with security alternatives like Shiro, Spring Security or OWASP's ESAPI leaving ...
3
votes
1 answer
375 views

Securing sensitive data in a DB, is using H2 worth it?

I am designing a web application at the moment, and one of the requirements is to secure the user credentials as well as their roles. Now ofc besides the usual pwd hashing + salt +.... I was thinking ...
5
votes
2 answers
466 views

Frameworks or any Solutions for authentication/security/login management in Java Web Applications

I am looking for a framework/solution for authentication/user-login management/security in a Java web application that can make the naive developer's job easier/faster and make the application ...