spring-framework – Page 4 – WindowsTechs.com

Enable (Global) HTTP State in Tools -> Options -> Connection of OWASP Zap tool [on hold]

Posted on May 6, 2019 by Tân NgôILOVEvananh1808

Can you tell me how the option on OWASP ZAP 2.7.0 that I highlighted in this picture works:

You can see this option by follow Tools -> Options -> Connection. I used Spring Security and enbale csrf by configure:

<http… Continue reading Enable (Global) HTTP State in Tools -> Options -> Connection of OWASP Zap tool [on hold]→

Anti-CSRF scanner still alerts after adding _csrf token to login form

Posted on May 3, 2019 by Tân NgôILOVEvananh1808

I am working on a Spring MVC project. I applied CSRF Token to login form by enabling and using in Spring security. When I go to the login page, I can see that a CSRF Token generated automatically with name _csrf. But when … Continue reading Anti-CSRF scanner still alerts after adding _csrf token to login form→

Storing vault read token securely

Posted on March 26, 2019 by adorearun

I have PCF spring boot application which needs to access the vault server to get the credentials to create datasource during startup. Right now we are hard coding the app role id and secret id in the spring boot application . Is there a b… Continue reading Storing vault read token securely→

Reduce form spam without external dependencies or false positives

Posted on March 13, 2019 by Chris

I’m working on a Java Spring with a team and have been facing form spam issues. We are seeing a large number of requests that use generated & falsified information (ie everyone’s names are generic, emails follow the same … Continue reading Reduce form spam without external dependencies or false positives→

How to implement MQTT over TLS on ActiveMQ embedded? [migrated]

Posted on December 27, 2018 by S. Das

I am embedding an ActiveMQ broker with mqtt connector only. I want to use TLS. How can I do that? I prefer would to implement this programaticaly or using application.properties/yml as I am using spring.

Continue reading How to implement MQTT over TLS on ActiveMQ embedded? [migrated]→

Add CSRF tokens to form tags automatically- Spring

Posted on December 17, 2018 by security guy

In Spring framework, is there a way to add a CSRF token to all the form tags automatically? maybe using [1] or some other way but not using a custom form tag that would insert the CSRF token when its manually used instead of … Continue reading Add CSRF tokens to form tags automatically- Spring→

WebSecurity and StrictHttpFirewall in spring

Posted on October 29, 2018 by Saurabh Kedia

Could somebody please demonstrate a small code for spring security for StrictHttpFirewall and Websecurity classes?
I want to defend against XSS attacks, SQL injections, be it POST or GET, on all the URLs.
Where should we instantiate and in… Continue reading WebSecurity and StrictHttpFirewall in spring→

Using Salt in Spring Security

Posted on October 23, 2018 by Saurabh Kedia

I am using Spring Security. I want to store salt values for each and every user in the database.

Here is my database

User
-id
-username
-password
-salt

On accessing a particular URL, the default login form will be displa… Continue reading Using Salt in Spring Security→

Spring Session management

Posted on October 17, 2018 by Saurabh Kedia

I want to implement a simple session management on spring security for local project.
I have a login form, some URLs for user functions, an interceptor,a controller and also an authenticator and authorizor (WebSecurtiyConfig… Continue reading Spring Session management→

Benefit of Parameter Map size validation in web application controller

Posted on August 29, 2018 by Hima

I have a web application (Spring MVC) and have input data validation for every parameter in the controller. What is NOT present is checking for accepted Parameter Map Size. i.e When the controller expected 10 parameters and the request has… Continue reading Benefit of Parameter Map size validation in web application controller→