Collaborate Disseminate
I’m creating WEB project in Angular and Spring. This is educational project for my learning.
I want to encrypt some data in Angular and then store it in backend. Idea is to not have any acces to user data in backend – user w… Continue reading What are the best practices to secure an Angular & Spring web project?
I’m creating WEB project in Angular4 and Spring. This is educational project for my learning.
I want to encrypt some data in Angular and then store it in backend. Idea is to not have any acces to user data in backend – user … Continue reading What are the best practices to secure an Angular & Spring web project?
I’d like to create self signed certificate to test web application created by me with https. Firstly I created two private keys :
openssl genrsa -out privkeyA.pem
openssl genrsa -out privkeyB.pem
Then created certificate s… Continue reading Creating self signed certificate for keytool
The spring documentation doesn’t say much, just that the default strength is 10. How does one determine when using increased strength might be warranted and what the trade off is?
I am currently thinking on using Spring Data Couchbase as way to access my data in my DB. But I need to create a really secure application. How secure is Spring Data Couchbase?
It would be good to get some tips to make an se… Continue reading How secure is Spring Data Couchbase? [on hold]
I am storing some data in html field for display purpose.
When I changed value of that field through inspect element, it get changed in server side also.
Due to project requirement, I am unable to use server side validation… Continue reading Identify content change in client browser on server side
I’m building a site with Spring, which requires authentication in order for accessing certain pages.
The site is actually composed of a client host, which render the views and handle the data binding, and a REST api host (bu… Continue reading Am I missing any loopholes with my current session managment?
What should be proper way to implement CSRF protection in microservice architecture? Where services are stateless.
To put CSRF verification on system entry? e.g. Gateway
With this option I can’t guarantee that customer gateway will do t… Continue reading CSRF in microservice architecture
What should be proper way to implement CSRF protection in microservice architecture? Where services are stateless.
To put CSRF verification on system entry? e.g. Gateway
With this option I can’t guarantee that customer gat… Continue reading CSRF in microservice architecture
I have the application in Spring Boot with embedded Tomcat. I’ll want use owasp mod security. How can I redirect network traffic that mod security will see it? I develop my app on localhost and I only show how Mod Security wo… Continue reading Mod Security OWASP with Spring Boot [migrated]