December 13, 2016

Create PublicKey and PrivateKey in Java 8

import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.PublicKey;
import java.security.PrivateKey;

KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
keyPairGen.initialize(2048, SecureRandom.getInstanceStrong());
KeyPair keyPair = keyPairGen.genKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();

See also sun.security.tools.keytool.CertAndKeyGen.

November 23, 2016

How to Create Custom Launch Icon in Ubuntu

[Desktop Entry]
Encoding=UTF-8
Name=Calculator
Name[fr]=Calculatrice
...
Comment=Perform calculations
Comment[fr]=Effectue des calculs compliqués
...
Exec=gcalctool
Icon=accessories-calculator
Terminal=false
Type=Application
StartupNotify=true
Categories=GNOME;GTK;Utility;Calculator

For details see https://help.gnome.org/admin//system-admin-guide/2.32/menustructure-desktopentry.html.en

November 12, 2016

OpenID Connect explained

http://connect2id.com/learn/openid-connect

Or slides version http://connect2id.com/assets/oidc-explained.pdf

What is Encrypted in HTTPS and SSL Stripping

"Everything in the HTTPS message is encrypted, including the headers, and the request/response load." [https://en.wikipedia.org/wiki/HTTPS#Network_layers]

Limitations

"A sophisticated type of man-in-the-middle attack called SSL stripping was presented at the Blackhat Conference 2009. This type of attack defeats the security provided by HTTPS by changing the https: link into an http: link, taking advantage of the fact that few Internet users actually type "https" into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP." [https://en.wikipedia.org/wiki/HTTPS#Limitations]

SSL Stripping Mitigation

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet



November 11, 2016

How to set Proxy for Java Process, e.g. JBoss

For all Java process you can set proxy settings from command line:

-Dhttp.proxyHost=localhost -Dhttp.proxyPort=8080 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8443

For details see: Java Networking Properties

For JBoss EAP 6 >, you can set this with:

<server xmlns="urn:jboss:domain:1.7">
    <extensions>
        ...
    </extensions>
    <system-properties> 
        <property name="http.proxyHost" value="localhost"/>
        <property name="http.proxyPort" value="8080"/>
        <property name="https.proxyHost" value="localhost"/>
        <property name="https.proxyPort" value="8443"/>
    </system-properties> 
    <management>
</server>

Overview Apache Cordova

Apache Cordova is a mobile hybrid solution. You write you application in HTML, CSS and JavaScript.

When you build your application you will have a native package. The application will then run in a native WebView (on iOS Objective-C UIWebView class; on Android android.webkit.WebView.)



https://cordova.apache.org/docs/en/latest/guide/overview/

Slack for Ubuntu 16.04 64-bit

Download and install debian package from:

Google Recaptcha

To safeguard registration against bots you can integrate with Google reCAPTCHA.

https://developers.google.com/recaptcha/

OWASP Bean Validation Cheat Sheet

Bean validation is not only interesting for validation, but mixed with a unified domain model, you also get a uniform validation through out our application.

Bean_validation_jsr.jpg

https://www.owasp.org/index.php/Bean_Validation_Cheat_Sheet

Reference for regexp validation (javax.validation.constraints.Pattern): OWASP Validation Regex Repository




OWASP Cheat Sheet Series

https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series

Simple HTTP Headers that Improves Web Security

X-Frame-Options: SAMEORIGIN

What is Clickjacking? https://en.wikipedia.org/wiki/Clickjacking

See also:

Content-Security-Policy: frame-src 'self'

What is CSP, Content Security Policy? https://www.owasp.org/index.php/Content_Security_Policy

See also:

X-Content-Type-Options: nosniff

This is a security feature that helps prevent attacks based on MIME-type confusion.

September 16, 2016

How To Read from a Text File in Java

BufferedReader reader = null;
try {
    reader = new BufferedReader(new InputStreamReader(new FileInputStream("filename.txt"), "UTF-8"));
    String string = reader.readLine();
} finally {
    if (reader != null) {
        reader.close();
    }
}

How To Write to a Text File in Java

Writer writer = null;
try {
    writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream("filename.txt"), "UTF-8"));
    writer.write(string);
} finally {
    if (writer != null) {
        writer.close();
    }
}