Enterprise development security
Enterprise development security involves the use of software, hardware, and procedural methods to protect applications from external threats. Enterprise Java security measures built into applications and a sound application security routine minimize the likelihood that hackers will be able to manipulate applications and access, steal, modify, or delete sensitive enterprise data. Learn design techniques and how to design secure Java applications. Find best practices, examples and strategies for designing security into enterprise Java applications.
Top Stories
-
Feature
27 Apr 2021
Collaboration is key to a secure web application architecture
Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
By- Katie Donegan, Social Media Manager
-
Feature
23 Dec 2020
What's in a name? What developers can expect in Jakarta EE 9
What Oracle called the Java EE API is now called Jakarta EE API under the Eclipse Foundation. Here's what developers can expect in the Jakarta EE 9 release. Continue Reading
-
Blog Post
08 Jan 2022
How chmod numbers work explained by example
Don't let yourself be intimidated by chmod numbers and permissions. Here's a quick and easy to understand explanation of how chmod permission numbers work in Linux. Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
01 Aug 2020
How TUF can secure software systems from update vulnerabilities
An emerging specification from CNCF looks to secure software systems thanks to the open source community and a focus on update vulnerabilities that limit the effects of a potential attack. Continue Reading
-
Feature
05 May 2020
The what, why and how of the Spring Security architecture
Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt. Continue Reading
By- Katie Donegan, Social Media Manager
- Manning Publications Co.
-
Feature
05 May 2020
Why developers need to know the Spring Security framework
The Spring Security framework is a reliable way for Java developers to secure applications. However, proper implementation is critical to prevent the most common vulnerabilities. Continue Reading
By- Katie Donegan, Social Media Manager
- Manning Publications Co.
-
Blog Post
13 Dec 2019
5 simple steps you can take to prevent a data breach
Stick to best practices when it comes to security. Follow these five simple steps to guard against the most basic cyberattacks. Continue Reading
-
Blog Post
20 Nov 2019
How regular secure code reviews can benefit an organization
Follow these code review best practices to identify security vulnerabilities before your applications are released into production. Continue Reading
-
Tutorial
13 Nov 2019
A Jenkins tutorial for beginners with examples
If you're ready to try Jenkins, this quick start tutorial lays out the specific steps you'll need to take to download and install the CI tool on your local machine. Continue Reading
By- Cameron McKenzie, TechTarget
-
Feature
07 Oct 2019
You need more than web app security to stop API attacks
API and web application vulnerabilities may share some common traits, but it's where they differ that hackers will target. Continue Reading
-
Blog Post
03 Oct 2019
What developers need to know about an Alexa vulnerability
An Alexa vulnerability, combined with improper record retention in Amazon cloud servers, could expose a consumer or business developer to hacks that target private data. Continue Reading
-
Blog Post
01 Oct 2019
Forensic analysis helps close gaps in hypervisor vulnerabilities
A June 2019 NIST report identified hypervisor vulnerabilities in type 1 and type 2 hypervisors. Through the use of forensic analysis, you can start to close gaps in these vulnerabilities and ... Continue Reading
-
Blog Post
29 Aug 2019
Input validation issues open Cisco firewall vulnerability
A Cisco firewall vulnerability stems from improper user input validation. Here is how to fix the problem, and other ways to stem firewall vulnerability issues in your environment. Continue Reading
-
Blog Post
28 Aug 2019
Use the HSTS header for secure communications across networks
With the HSTS header, your organization can ensure that communications are secure across your networks. Here is how to implement the header, and some parameters to set for proper security. Continue Reading
-
Blog Post
23 Aug 2019
7 IT security best practices to know to prevent data breaches
Hackers don't always infiltrate your production systems with sophisticated attacks. Sometimes, they view overlooked IT security best practices as the best way to gain access to your data. Continue Reading
-
Blog Post
01 Jul 2019
Don't let RabbitMQ vulnerabilities expose your CI pipelines
The Jenkins Security Advisory reported multiple security vulnerabilities in the RabbitMQ Publisher that exposed continuous integration pipelines to potential attacks through unencrypted passwords ... Continue Reading
-
Blog Post
25 Jun 2019
Perform a Kubernetes security hardening before you use Jenkins X
Developers need to make Kubernetes security hardening a priority before they dabble with Jenkins X in their environment. Don't let Kubernetes vulnerabilities expose your valuable data to possible ... Continue Reading
-
Blog Post
10 Jun 2019
How to deal with a remote code execution vulnerability
Manage a remote code execution vulnerability with careful diagnosis of the problem and different risk mitigation steps to avoid an attacker intrusion into your enterprise. Continue Reading
-
Feature
26 Apr 2019
Use entropy as a service to bolster your security
Cryptographic keys help improve security in your enterprise. Consider entropy as a way to safeguard your data and prevent hackers from picking your locks with faulty keys. Continue Reading
-
Feature
24 Apr 2019
Help your developers create a better IT security model
Developers need to be comfortable with their tools to create a strong security model in an organization. Don't overlook these areas or credentials can end up in the wrong hands. Continue Reading
-
Feature
27 Mar 2019
Encrypted computing approaches practical app development
A new technology could make it easier to write apps that don't have to decrypt data and, therefore, improve security without a compromise made for development. Continue Reading
-
Feature
19 Mar 2019
Detect attacker intent with Elasticsearch security plugins
Harden your enterprise with security plugins for Elasticsearch that target hacker behaviors, patterns and goals to limit issues, and keep your information safe. Continue Reading
-
Feature
14 Mar 2019
Fix this runC vulnerability to prevent unwanted root access
Examine a recent vulnerability to the runC container code and what you need to do to prevent unwanted root access and container manipulation in your computing environment. Continue Reading
-
Feature
28 Feb 2019
Don't let the DevOps shift left mindset diminish security
The shift left in DevOps philosophy makes some responsibility changes in the delivery process but can generate positive results if properly implemented. Continue Reading
-
Opinion
12 Feb 2019
Master-slave terminology alternatives you can use right now
Software companies have found alternatives for master-slave terminology to describe their distributed systems. It's time for the rest of the IT world to do the same. Continue Reading
By- Cameron McKenzie, TechTarget
-
Opinion
14 Dec 2018
Don't contribute to the high IT project failure rate
Enterprise software development is difficult, so it's no surprise to discover there is a high IT project failure rate. Here's how to buck the trend and get yours to succeed. Continue Reading
By- Bob Reselman, CogArtTech
-
Feature
30 Oct 2018
This history of GitHub and Java's role in it
Ruby played a big role in the history of GitHub, but Java now plays a bigger part. At Oracle Code One, GitHub engineering manager Rafer Hazen provided plenty of reasons why. Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
01 Oct 2018
Women in Cybersecurity: Bringing Balance to the Equation
The world of technology is exciting. And confusing. And dangerous. And full of potential. For women, privacy and security are concepts that go hand in hand. Today’s technology has created new ways ... Continue Reading
-
Feature
16 May 2018
How to calculate McCabe cyclomatic complexity in Java
An understanding of how to calculate McCabe cyclomatic complexity in Java is the first step in better testing and improved software quality. Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
27 Apr 2018
Thwart threats by abiding to network security fundamentals
Cloud, mobile, and IoT have changed the face of the modern network so it’s no surprise network security fundamentals have become important for businesses of all sizes. It seems even the largest ... Continue Reading
-
Tutorial
24 Apr 2018
Create your first Jenkins build job: A freestyle project tutorial for beginners
The Jenkins freestyle job is the foundation of Jenkins CI. In this CI tutorial, we show you how to both create a freestyle job and run it using the CI tool. Continue Reading
By- Cameron McKenzie, TechTarget
-
Feature
20 Mar 2018
Stay ahead of Java security issues like SQL and LDAP injections
Java security best practices include validating input to prevent injection attacks and managing malicious JAR vulnerabilities. Continue Reading
-
Feature
08 Mar 2018
Application security vulnerabilities are often known exploits
How hard is it to secure an enterprise application? It's not hard, especially given the fact that most application security vulnerabilities are known threats with simple solutions. Continue Reading
By- Cameron McKenzie, TechTarget
-
Opinion
12 Feb 2018
Why this quantum computing breakthrough is a security risk
Quantum computing will void pretty much all security encryption techniques and open the door to hackers. Here's how to protect your data when it does. Continue Reading
By- Bob Reselman, CogArtTech
-
Feature
05 Feb 2018
Containers and the cloud push middleware technology forward
Is the application server dead? Not really. But the role of middleware technology has certainly changed in ways that impact both operations and developers. Continue Reading
By- Cameron McKenzie, TechTarget
-
Feature
05 Feb 2018
What can the Java community expect from Oracle in 2018?
Questions remain as to how bumpy the road may be as Oracle changes the release cadence and embraces OpenJDK. Is the Java community ready for the ride? Continue Reading
By- Cameron McKenzie, TechTarget
-
Podcast
24 Jan 2018
Here's how to add Java certified developer to your resume
Ever think about acquiring your Java certification? Here we take a look at the benefits of getting Java certified and the steps to take to ensure that it happens. Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
22 Jan 2018
Cybersecurity risk management doesn’t need to be all or nothing
Cybersecurity risk management should be a concern for organizations of all sizes, with fresh threats and data breaches making the news every few days. Continue Reading
-
Opinion
15 Dec 2017
The problem with bitcoin and blockchain technology
It's not just bitcoin's prodigious appetite -- it uses as much energy as the country of Slovenia. Security scares and long transaction times cast doubt on its viability. Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
12 Dec 2017
Is there a hidden threat embedded in the Management Engine of your Intel chip?
The Management Engine, embedded on certain Intel chips, is a hidden threat to the security of personal and corporate computers. People need to take this hidden threat seriously. Continue Reading
-
Tip
27 Nov 2017
Fighting hidden threats with DevOps security best practices
Find out what experts had to say about using DevOps security principles to weave threat resistance into the fabric of the development process. Continue Reading
-
Blog Post
12 Nov 2017
Shortcomings of Agile and DevOps causes security bug detection to suffer
Earlier this year we spoke with Jim Manico of Manicode Security. It was immediately prior to Oracle OpenWorld 2017, in which Manico was delivering a JavaOne session on Java SE 9 security. There are ... Continue Reading
By- Cameron McKenzie, TechTarget
-
Podcast
18 Oct 2017
Migrations to Oracle's Java SE 9 platform may be delayed
Oracle did a great job getting Java SE 9 released earlier this year, but modularity and various smaller updates may not be enough to get users to quickly migrate to JDK 9. Continue Reading
By- Cameron McKenzie, TechTarget
-
Feature
09 Oct 2017
How blockchain security is driving digital transformations
Whether it is a secure cloud, a secure mobile device or a secure IoT interaction, organizations are making blockchain security a central part of their digital transformations. Continue Reading
By- Tom Nolle, Andover Intel
-
Podcast
04 Oct 2017
Manico and Grimstad bring Java tech to life at JavaOne 2017
Engaging speakers like Jim Manico or Ivar Grimstad can make more of a difference than the session syllabus when choosing a session at a conference like JavaOne 2017. Continue Reading
By- Cameron McKenzie, TechTarget
-
Podcast
03 Oct 2017
How Java EE Security and MVC 1.0 simplify Java microservices
Once the decision has been made to use containers and microservices, it's good to know that MVC 1.0 and the Java EE Security API will make the development process much easier. Continue Reading
By- Cameron McKenzie, TechTarget
-
Podcast
03 Oct 2017
Oracle VP talks Java EE 8, Java platform update at JavaOne
Will the future involvement of the Eclipse Foundation lead to a faster and more nimble Java platform update process? Oracle's Michael Lehmann believes it will. Continue Reading
By- Cameron McKenzie, TechTarget
-
News
02 Oct 2017
Java SE 9, OpenJDK energize Java community at JavaOne 2017
From the release of Java 9 to the GPL of OpenJDK builds, recent Oracle announcements have energized the Java community, creating a palpable positivity at JavaOne 2017. Continue Reading
By- Cameron McKenzie, TechTarget
-
News
02 Oct 2017
How JSR-375 simplifies and standardizes Java EE security
Java EE security has always been a mixed bag in terms of simplicity and standardization, but the new Java EE Security API, JSR-375, plans to change all of that. Continue Reading
By- Cameron McKenzie, TechTarget
-
Feature
13 Sep 2017
How to remove plain text passwords for a secure Java code base
Here are some strategies to remove plain text passwords from configuration files and your code base. It's one way a secure Java app can deter a malicious attack. Continue Reading
By- Cameron McKenzie, TechTarget
-
News
12 Sep 2017
Calling 'all aboard' on the six-month Java release train
If Oracle moves to a six-month Java release cycle instead of the existing feature-driven one, what happens next? We talk to Azul's Gil Tene about Mark Reinhold's proposal. Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
10 Sep 2017
How to create secure Java software: A talk with Black Duck's Tim Mackey
In TheServerSide's ongoing coverage of developing secure Java software, I spoke recently with Tim Mackey, the IT evangelist for Black Duck Software. The conversation was interesting enough to pull ... Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
01 Sep 2017
Implementing cloud-native security means going back to your secure coding basics
There's really nothing new under the sun when it comes to addressing security vulnerabilities in code. While there has been a great shift in terms of how server-side applications are architected, ... Continue Reading
By- Cameron McKenzie, TechTarget
-
Feature
28 Aug 2017
The hidden threat lurking in an otherwise secure software stack
All it takes is a fork from the main branch and a re-branding of the code, and the next thing you know, there's a hidden threat in your software. Here's how to protect against it. Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
14 Aug 2017
Implementing a custom user registry to consolidate LDAP servers and active directories?
Should you implement a custom user registry to help mitigate access to your various LDAP servers in order to simplify security tasks such as authentication and group association? The answer to that ... Continue Reading
By- Cameron McKenzie, TechTarget
-
Feature
02 Jun 2017
How evolutionary architecture simplified hypothesis driven development
Learn how a new approach to evolving technical architectures promises to make it easier to test out hypotheses about business improvement, application performance, and user experience. Continue Reading
-
Opinion
01 May 2017
Software ethics and why 'Uber developer' stains a professional resume
After all of the playboy antics of the CEO, along with the unethical practices of fingerprinting and geofencing, the term 'Uber developer' is a stain on any professional resume. Continue Reading
By- Cameron McKenzie, TechTarget
-
Blog Post
12 Oct 2016
IoT security tips: Five ways developers can help thwart IoT malware threats
From device spoofing to malware, information disclosure, and DoS attacks, there are many ways a compromised device can become a threat. Here are ways to keep your devices safe. Continue Reading
-
News
05 Oct 2016
Pros and cons of a DIY approach to contributing to open source efforts
Everyone wants to contribute to open source projects, but few consider the risks. Salesforce evangelist James Ward outlines the legal and security risks involved. Continue Reading
By- Jan Stafford, Features Writer
-
Feature
30 Aug 2016
Five trends that help developers ensure a successful startup
From garnering expert talent to learning how to properly share ideas, expert Mark Goldstein shares how developers can contribute to the success of a software startup. Continue Reading
-
Opinion
22 Aug 2016
The reasons the COBOL language is irrelevant -- and why Java's okay
Word in the Java community is that it is slowly becoming outdated. Some beg to differ, including those who suggest that COBOL is the dying language. Continue Reading
By- Joseph B. Ottinger, EnigmaStation
-
Podcast
03 Aug 2016
Java Champion Trisha Gee on NoSQL, IntelliJ and Java 8
Presenting at QCon New York, Java Champion Trisha Gee talks about the hot-button topics in the conference's community, including NoSQL, IntelliJ and Java 8. Continue Reading
By- Cameron McKenzie, TechTarget
-
Feature
14 Jul 2016
Deciding between full stack developers or Ops engineers
The software development landscape is changing, and developers are being forced to ask themselves to choose between a career as an Ops professional or a full stack developer. Continue Reading
-
News
13 Jul 2016
Simplified portable applications with Docker and microservices
As the industry moves away from traditional SOA, organizations are instead choosing to create portable applications with SOA and microservices. Continue Reading
-
News
12 Jul 2016
Don't let unfounded Docker fears deter container technology adoption
Container technology is changing the enterprise software landscape, but many unfounded fears are delaying Docker adoption. Continue Reading
-
News
18 Mar 2016
Seif project makes Web security a priority
Creating a safer Internet has become a central topic of discussion at Fluent 2016. The Seif project is one attempt to improve Web security and deliver trusted infrastructure to the Web. Continue Reading
-
Feature
09 Apr 2015
Emerging 2015 Java trends: Cloud based IDEs and greater Java 8 adoption
So far in 2015, big trends are emerging in the Java ecosystem, and top among those trends are the use of cloud-based IDEs and the adoption of Java 8 and lambda expressions. Continue Reading
-
Feature
01 Apr 2013
Key benefits of architecting loosely coupled SOA-based solutions
Service-oriented architectures (SOA) experience the most benefits when architects use loose coupling to build their solutions. Continue Reading
By- Cameron McKenzie, TechTarget
-
Tutorial
13 Mar 2013
Mobile application development tutorial
Looking for a start in developing mobile apps for existing enterprise computing systems? This mobile application development tutorial is here to help. Continue Reading
-
News
25 May 2011
New Cross-site Request Forgery Protection in Tomcat 7
Cross-site request forgery (CSRF) is a security vulnerability that targets the trust sites put into a browser. A CSRF attack will trick a victim into making a malicious request which is granted based on the user's already authenticated credentials. Check out this post to learn more about authentication and methods for preventing CSRF attacks. Continue Reading
-
News
06 May 2011
How to do Security Testing with Business Transactions
Plaintext secrets written to a log file are a well-known vulnerability. Once an intruder gains access to a hard disk they can easily comb through log files to further exploit the system. It’s a good idea to grep log files after your test run but that will not cover output to the server console, which may contain different content. Continue Reading
-
Report
09 Jun 2010
Secure-Critical User Control Mechanisms
In many business areas an increased need for safety and control of business processes executed by human actors can be observed. Humans are by nature error-prone and make mistakes. Human activities, ranging from simple scenarios, such as manual approval, to complex scenarios involving complicated entry of sensitive data, are subject to failure, misunderstandings, typos and incorrect data. But a business can get into trouble not only through unintended errors introduced by human beings; intentional misuse and internal fraud can also produce a lot of damage and are often hard to track. Continue Reading
By- Dr. Wolfgang Winter
-
News
01 Jul 2008
Are Java Web Applications Secure?
One of the most widespread beliefs about web applications is that most of them are insecure. This opinion is supported by statistics published by SANS [1] which show that almost half the vulnerabilities published during 2007 were related to web applications, regardless of whether they were open-source or commercial software. Continue Reading
By- Robert Velasco and Gorka Vicente
-
News
01 May 2007
Using OpenID
Learn more about OpenID, a decentralized, open source framework for user-centric digital identity. With OpenID, rather than managing all online accounts individually, users can manage their identity in one place via an authentication server. Continue Reading
By- Justen Stepka
-
News
01 Feb 2006
Migrating JDBC Data Access Objects to use EJB3
In this article, we'll discuss what you need to do to migrate your DAO-based application to the EJB3 Java Persistence API. Continue Reading
By- Debu Panda
-
News
01 Dec 2005
SSO and Identity Management
As Web-applications have grown over the years to support various business processes, these applications have expanded the number of users, groups and roles that need to be managed by administrators. Continue Reading
By- Justen Stepka
-
News
01 Jan 2005
Exploring J2EE Security for Applications using LDAP
This article is loosely based on prototyping a number of J2EE application constructs, such as servlets, EJB, MDB (Message-driven Beans) and JSP, implemented using LDAP (Lightweight Directory Access Protocol) for application authorization. The applications were built in order to understand standard J2EE security and IBM WebSphere extensions. The article identifies key interfaces within WebSphere Application Server Version 5.x (WAS) or any J2EE compliant application server that need to be configured in order to build secure applications. Continue Reading
By- Frank Teti
-
News
01 Aug 2003
Using JAAS for Authorization & Authentication
This paper explains how to use the Java Authentication and Authorization API (JAAS). It plugs JAAS into the Struts framework. Though this paper focuses on Struts, and in particular the example application distributed with Struts, the lessons learned should be applicable to any MVC web framework. Continue Reading
By- Dan Moore
-
News
01 Feb 2002
Part 6 - Securing Web Services with Single Sign-On
Web Services are arguably the most heterogeneous distributed technology ever. A typical Web services setup will make use of many different technologies, object models and programming languages, which might include simple Perl scripts and standalone Web services implemented in C++ or Java, through to sophisticated applications built on top of J2EE application servers. Being able to interact across such diverse environments is one of the strengths of Web services, but it has a price: it becomes difficult to secure such systems. It is hard to find a common security standard for all involved technologies. Today we will talk about single sign-on, the security architecture that brings a flexible and interoperable way of securing heterogeneous systems. Continue Reading
By- Zdenek Svoboda