Enterprise development security

Enterprise development security involves the use of software, hardware, and procedural methods to protect applications from external threats. Enterprise Java security measures built into applications and a sound application security routine minimize the likelihood that hackers will be able to manipulate applications and access, steal, modify, or delete sensitive enterprise data. Learn design techniques and how to design secure Java applications. Find best practices, examples and strategies for designing security into enterprise Java applications.

Top Stories

Feature 27 Apr 2021
Collaboration is key to a secure web application architecture

Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
Feature 23 Dec 2020
What's in a name? What developers can expect in Jakarta EE 9

What Oracle called the Java EE API is now called Jakarta EE API under the Eclipse Foundation. Here's what developers can expect in the Jakarta EE 9 release. Continue Reading

Blog Post 08 Jan 2022

How chmod numbers work explained by example

Don't let yourself be intimidated by chmod numbers and permissions. Here's a quick and easy to understand explanation of how chmod permission numbers work in Linux. Continue Reading
Feature 23 Dec 2020

What's in a name? What developers can expect in Jakarta EE 9

What Oracle called the Java EE API is now called Jakarta EE API under the Eclipse Foundation. Here's what developers can expect in the Jakarta EE 9 release. Continue Reading
Blog Post 01 Aug 2020

How TUF can secure software systems from update vulnerabilities

An emerging specification from CNCF looks to secure software systems thanks to the open source community and a focus on update vulnerabilities that limit the effects of a potential attack. Continue Reading
Blog Post 13 Dec 2019

5 simple steps you can take to prevent a data breach

Stick to best practices when it comes to security. Follow these five simple steps to guard against the most basic cyberattacks. Continue Reading
Blog Post 20 Nov 2019

How regular secure code reviews can benefit an organization

Follow these code review best practices to identify security vulnerabilities before your applications are released into production. Continue Reading
Tutorial 13 Nov 2019

A Jenkins tutorial for beginners with examples

If you're ready to try Jenkins, this quick start tutorial lays out the specific steps you'll need to take to download and install the CI tool on your local machine. Continue Reading
Feature 07 Oct 2019

You need more than web app security to stop API attacks

API and web application vulnerabilities may share some common traits, but it's where they differ that hackers will target. Continue Reading
Blog Post 03 Oct 2019

What developers need to know about an Alexa vulnerability

An Alexa vulnerability, combined with improper record retention in Amazon cloud servers, could expose a consumer or business developer to hacks that target private data. Continue Reading
Blog Post 01 Oct 2019

Forensic analysis helps close gaps in hypervisor vulnerabilities

A June 2019 NIST report identified hypervisor vulnerabilities in type 1 and type 2 hypervisors. Through the use of forensic analysis, you can start to close gaps in these vulnerabilities and ... Continue Reading
Blog Post 29 Aug 2019

Input validation issues open Cisco firewall vulnerability

A Cisco firewall vulnerability stems from improper user input validation. Here is how to fix the problem, and other ways to stem firewall vulnerability issues in your environment. Continue Reading
Blog Post 28 Aug 2019

Use the HSTS header for secure communications across networks

With the HSTS header, your organization can ensure that communications are secure across your networks. Here is how to implement the header, and some parameters to set for proper security. Continue Reading
Blog Post 23 Aug 2019

7 IT security best practices to know to prevent data breaches

Hackers don't always infiltrate your production systems with sophisticated attacks. Sometimes, they view overlooked IT security best practices as the best way to gain access to your data. Continue Reading
Blog Post 01 Jul 2019

Don't let RabbitMQ vulnerabilities expose your CI pipelines

The Jenkins Security Advisory reported multiple security vulnerabilities in the RabbitMQ Publisher that exposed continuous integration pipelines to potential attacks through unencrypted passwords ... Continue Reading
Blog Post 25 Jun 2019

Perform a Kubernetes security hardening before you use Jenkins X

Developers need to make a Kubernetes security hardening a priority before you dabble with Jenkins X in your environment. Don't let Kubernetes vulnerabilities expose your valuable data to possible ... Continue Reading
Blog Post 10 Jun 2019

How to deal with a remote code execution vulnerability

Manage a remote code execution vulnerability with careful diagnosis of the problem and different risk mitigation steps to avoid an attacker intrusion into your enterprise. Continue Reading
Feature 26 Apr 2019

Use entropy as a service to bolster your security

Cryptographic keys help improve security in your enterprise. Consider entropy as a way to safeguard your data and prevent hackers from picking your locks with faulty keys. Continue Reading
Feature 24 Apr 2019

Help your developers create a better IT security model

Developers need to be comfortable with their tools to create a strong security model in an organization. Don't overlook these areas or credentials can end up in the wrong hands. Continue Reading
Feature 27 Mar 2019

Encrypted computing approaches practical app development

A new technology could make it easier to write apps that don't have to decrypt data and, therefore, improve security without a compromise made for development. Continue Reading
Feature 19 Mar 2019

Detect attacker intent with Elasticsearch security plugins

Harden your enterprise with security plugins for Elasticsearch that target hacker behaviors, patterns and goals to limit issues, and keep your information safe. Continue Reading
Feature 14 Mar 2019

Fix this runC vulnerability to prevent unwanted root access

Examine a recent vulnerability to the runC container code and what you need to do to prevent unwanted root access and container manipulation in your computing environment. Continue Reading
Feature 28 Feb 2019

Don't let the DevOps shift left mindset diminish security

The shift left in DevOps philosophy makes some responsibility changes in the delivery process but can generate positive results if properly implemented. Continue Reading
Opinion 12 Feb 2019

Master-slave terminology alternatives you can use right now

Software companies have found alternatives for master-slave terminology to describe their distributed systems. It's time for the rest of the IT world to do the same. Continue Reading
Feature 31 Jan 2019

Developers and the enterprise software sales process

Should developers be privy to the ins and outs of software sales? A strong business relationship can be mighty helpful in this expensive and tedious process. Continue Reading
Opinion 14 Dec 2018

Don't contribute to the high IT project failure rate

Enterprise software development is difficult, so it's no surprise to discover there is a high IT project failure rate. Here's how to buck the trend and get yours to succeed. Continue Reading
Feature 30 Oct 2018

This history of GitHub and Java's role in it

Ruby played a big role in the history of GitHub, but Java now plays a bigger part. At Oracle Code One, GitHub engineering manager Rafer Hazen provided plenty of reasons why. Continue Reading
Blog Post 01 Oct 2018

Women in Cybersecurity: Bringing Balance to the Equation

The world of technology is exciting. And confusing. And dangerous. And full of potential. For women, privacy and security are concepts that go hand in hand. Today’s technology has created new ways ... Continue Reading
Feature 16 May 2018

How to calculate McCabe cyclomatic complexity in Java

An understanding of how to calculate McCabe cyclomatic complexity in Java is the first step in better testing and improved software quality. Continue Reading
Blog Post 27 Apr 2018

Thwart threats by abiding to network security fundamentals

Cloud, mobile, and IoT have changed the face of the modern network so it’s no surprise network security fundamentals have become important for businesses of all sizes. It seems even the largest ... Continue Reading
Tutorial 24 Apr 2018

Create your first Jenkins build job: A freestyle project tutorial for beginners

The Jenkins freestyle job is the foundation of Jenkins CI. In this CI tutorial, we show you how to both create a freestyle job and run it using the CI tool. Continue Reading
Feature 20 Mar 2018

Stay ahead of Java security issues like SQL and LDAP injections

Java security best practices include validating input to prevent injection attacks and managing malicious JAR vulnerabilities. Continue Reading
Feature 08 Mar 2018

Application security vulnerabilities are often known exploits

How hard is it to secure an enterprise application? It's not hard, especially given the fact that most application security vulnerabilities are known threats with simple solutions. Continue Reading
Opinion 12 Feb 2018

Why this quantum computing breakthrough is a security risk

Quantum computing will void pretty much all security encryption techniques and open the door to hackers. Here's how to protect your data when it does. Continue Reading
Feature 05 Feb 2018

Containers and the cloud push middleware technology forward

Is the application server dead? Not really. But the role of middleware technology has certainly changed in ways that impact both operations and developers. Continue Reading
Feature 05 Feb 2018

What can the Java community expect from Oracle in 2018?

Questions remain as to how bumpy the road may be as Oracle changes the release cadence and embraces OpenJDK. Is the Java community ready for the ride? Continue Reading
Podcast 24 Jan 2018

Here's how to add Java certified developer to your resume

Ever think about acquiring your Java certification? Here we take a look at the benefits of getting Java certified and the steps to take to ensure that it happens. Continue Reading
Blog Post 22 Jan 2018

Cybersecurity risk management doesn’t need to be all or nothing

Cybersecurity risk management should be a concern for organizations of all sizes, with fresh threats and data breaches making the news every few days. Continue Reading
Guide 27 Dec 2017

Neutralizing threats and creating a secure Java software stack

This essential guide explores how developers can create a secure Java software stack, from the APIs used by the JDK to the methodologies used by Agile and DevOps teams. Continue Reading
Opinion 15 Dec 2017

The problem with bitcoin and blockchain technology

It's not just bitcoin's prodigious appetite -- it uses as much energy as the country of Slovenia. Security scares and long transaction times cast doubt on its viability. Continue Reading
Blog Post 12 Dec 2017

Is there a hidden threat embedded in the Management Engine of your Intel chip?

The Management Engine, embedded on certain Intel chips, is a hidden threat to the security of personal and corporate computers. People need to take this hidden threat seriously. Continue Reading
Tip 27 Nov 2017

Fighting hidden threats with DevOps security best practices

Find out what experts had to say about using DevOps security principles to weave threat resistance into the fabric of the development process. Continue Reading
Blog Post 12 Nov 2017

Shortcomings of Agile and DevOps causes security bug detection to suffer

Eariler this year we spoke with Jim Manco of Manicode security. It was immediately prior to Oracle OpenWorld 2017, in which Manico was delivering a JavaOne session on Java SE 9 security. There are ... Continue Reading
Podcast 18 Oct 2017

Migrations to Oracle's Java SE 9 platform may be delayed

Oracle did a great job getting Java SE 9 released earlier this year, but modularity and various smaller updates may not be enough to get users to quickly migrate to JDK 9. Continue Reading
Feature 09 Oct 2017

How blockchain security is driving digital transformations

Whether it is a secure cloud, a secure mobile device or a secure IOT interaction, organizations are making blockchain security a central part of their digital transformations. Continue Reading
Podcast 04 Oct 2017

Manico and Grimstad bring Java tech to life at JavaOne 2017

Engaging speakers like Jim Manico or Ivar Grimstad can make all the difference when choosing a session at a conference like JavaOne 2017 than the session syllabus. Continue Reading
Podcast 03 Oct 2017

How Java EE Security and MVC 1.0 simplify Java microservices

Once the decision has been made to use containers and microservices, it's good to know that MVC 1.0 and the Java EE Security API will make the development process much easier. Continue Reading
Podcast 03 Oct 2017

Oracle VP talks Java EE 8, Java platform update at JavaOne

Will the future involvement of the Eclipse Foundation lead to a faster and more nimble Java platform update process? Oracle's Michael Lehmann believes it will. Continue Reading
News 02 Oct 2017

Java SE 9, OpenJDK energize Java community at JavaOne 2017

From the release of Java 9 to the GPL of OpenJDK builds, recent Oracle announcements have energized the Java community, creating a palpable positivity at JavaOne 2017. Continue Reading
News 02 Oct 2017

How JSR-375 simplifies and standardizes Java EE security

Java EE security has always been a mixed bag in terms of simplicity and standardization, but the new Java EE Security API, JSR-375, plans to change all of that. Continue Reading
Feature 13 Sep 2017

How to remove plain text passwords for a secure Java code base

Here are some strategies to remove plain text passwords from configuration files and your code base. It's one way a secure Java app can deter a malicious attack. Continue Reading
News 12 Sep 2017

Calling 'all aboard' on the six-month Java release train

If Oracle moves to a six-month Java release cycle instead of the existing feature-driven one, what happens next? We talk to Azul's Gil Tene about Mark Reinhold's proposal. Continue Reading
Blog Post 10 Sep 2017

How to create secure Java software: A talk with Black Duck's Tim Mackey

In TheServerSide's ongoing coverage of developing secure Java software, I spoke recently with Tim Mackey, the IT evangelist for Black Duck Software. The conversation was interesting enough to pull ... Continue Reading
Blog Post 01 Sep 2017

Implementing cloud-native security means going back to your secure coding basics

There's really nothing new under the sun when it comes to addressing security vulnerabilities in code. While there has been a great shift in terms of how server side application are architected, ... Continue Reading
Feature 28 Aug 2017

The hidden threat lurking in an otherwise secure software stack

All it takes is a fork from the main branch and a re-branding of the code, and the next thing you know, there's a hidden threat in your software. Here's how to protect against it. Continue Reading
Blog Post 14 Aug 2017

Implementing a custom user registry to consolidate LDAP servers and active directories?

Should you implement a custom user registry to help mitigate access to your various LDAP servers in order to simplify security tasks such as authentication and group association? The answer to that ... Continue Reading
Feature 02 Jun 2017

How evolutionary architecture simplified hypothesis driven development

Learn how a new approach to evolving technical architectures promises to make it easier to test out hypothesis about business improvement, application performance, and user experience. Continue Reading
Opinion 01 May 2017

Software ethics and why 'Uber developer' stains a professional resume

After all of the playboy antics of the CEO, along with the unethical practices of fingerprinting and geofencing, the term 'Uber developer' is a stain on any professional resume. Continue Reading
Blog Post 12 Oct 2016

IoT security tips: Five ways developers can help thwart IoT malware threats

From device spoofing to malware, information disclosure, and DOS attacks, there are many ways a compromised device can become a threat. Here are ways to keep your devices safe. Continue Reading
News 05 Oct 2016

Pros and cons of a DIY approach to contributing to open source efforts

Everyone wants to contribute to open source projects, but few consider the risks. Salesforce evangelist James Ward outlines the legal and security risks involved. Continue Reading
Feature 30 Aug 2016

Five trends that help developers ensure a successful startup

From garnering expert talent to learning how to properly share ideas, expert Mark Goldstein shares how developers can contribute to the success of a software startup. Continue Reading
Opinion 22 Aug 2016

The reasons the COBOL language is irrelevant -- and why Java's okay

Word in the Java community is that it is slowly becoming outdated. Some beg to differ, including those who suggest that COBOL is the dying language. Continue Reading
Podcast 03 Aug 2016

Java Champion Trisha Gee on NoSQL, IntelliJ and Java 8

Presenting at QCon New York, Java Champion Trisha Gee talks about the hot-button topics in the conference's community, including NoSQL, IntelliJ and Java 8. Continue Reading
Feature 14 Jul 2016

Deciding between full stack developers or Ops engineers

The software development landscape is changing, and developers are being forced to ask themselves to choose between a career as an Ops professional or a full stack developer. Continue Reading
News 13 Jul 2016

Simplified portable applications with Docker and microservices

As the industry moves away from traditional SOA, organizations are instead choosing to create portable applications with SOA and microservices. Continue Reading
News 12 Jul 2016

Don't let unfounded Docker fears deter container technology adoption

Container technology is changing the enterprise software landscape, but many unfounded fears are delaying Docker adoption. Continue Reading
News 18 Mar 2016

Seif project makes Web security a priority

Creating a safer Internet has become a central topic of discussion at Fluent 2016. The Seif project is one attempt to improve Web security and deliver trusted infrastructure to the Web. Continue Reading
Feature 09 Apr 2015

Emerging 2015 Java trends: Cloud based IDEs and greater Java 8 adoption

So far in 2015, big trends are emerging in the Java ecosystem, and top among those trends are the use of cloud-based IDEs and the adoption of Java 8 and lambda expressions. Continue Reading
Feature 01 Apr 2013

Key benefits of architecting loosely coupled SOA-based solutions

Service-oriented architectures (SOA) experience the most benefits when architects use loose coupling to build their solutions. Continue Reading
Tutorial 13 Mar 2013

Mobile application development tutorial

Looking for a start in developing mobile apps for existing enterprise computing systems? This mobile application development tutorial is here to help. Continue Reading
Report 09 Jun 2010

Secure-Critical User Control Mechanisms

In many business areas an increased need for safety and control of business processes executed by human actors can be observed. Humans are by nature error-prone and make mistakes. Human activities, ranging from simple scenarios, such as manual approval to complex scenarios involving complicated entry of sensitive data are subject to failure, misunderstandings, typos and incorrect data. But a business can come into trouble not only by unintended errors introduced by human beings; also intentional misuse and internal fraud can produce a lot of damage and is often hard to track. Continue Reading
News 01 Jul 2008

Are Java Web Applications Secure?

One of the most extended belief about web applications is that most of them are insecure. This opinion is supported by statistics published by SANS [1] which show that almost half the vulnerabilities published during 2007 were related to web applications, independently from being open-source or commercial software. Continue Reading
News 01 May 2007

Using OpenID

Learn more about OpenID, a decentralized, open source framework for user-centric digital identity. With OpenID, rather than managing all online accounts individually, users can manage their identity in one place via an authentication server. Continue Reading
News 01 Feb 2006

Migrating JDBC Data Access Objects to use EJB3

In this article, we'll discuss what you need to do to migrate your DAO-based application to the EJB3 Java Persistence API. Continue Reading
News 01 Dec 2005

SSO and Identity Management

As Web-applications have grown over the years to support various business processes, these applications have expanded the number of users, groups and roles that need to be managed by administrators. Continue Reading
News 01 Jan 2005

Exploring J2EE Security for Applications using LDAP

This article is loosely based on prototyping a number of J2EE applications constructs, such as servlets, EJB, MDB (Message-driven Beans) and JSP implemented using LDAP (Lightweight Directory Access Protocol) for application authorization. The applications were built in order to understand standard J2EE security and IBM WebSphere extensions. The article identifies key interfaces within WebSphere Application Server Version 5.x (WAS) or any J2EE compliant application server that need to be configured in order to build secure applications. Continue Reading
News 01 Aug 2003

Using JAAS for Authorization & Authentication

This paper explains how to use the Java Authentication and Authorization API (JAAS). It plugs JAAS into the Struts framework. Though this paper focuses on Struts, and in particular the example application distributed with Struts, the lessons learned should be applicable to any MVC web framework. Continue Reading
News 01 Feb 2002

Part 6 - Securing Web Services with Single Sign-On

Web Services are arguably the most heterogenous distributed technology ever. A typical Web services setup will make use of many different technologies, object models and programming languages, which might include simple Perl scripts and standalone Web services implemented in C++ or Java, through to sophisticated applications build on top of J2EE application servers. Being able to interact across such diverse environments is one of the strengths of Web services, but it has a price: it becomes difficult to secure such systems. It is hard to find a common security standard for all involved technologies. Today we will talk about single sign-on, the security architecture that brings a flexible an interoperable way of securing heterogenous systems. Continue Reading