my blog. for you.

Let's talk about digital matters.

I am an independent IT consultant and entrepreneur in the internet and software industry. I work on design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies with software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Everything new in Spring Security 6 baked with a Spring Boot 3 recipe by Laur Spilca @ Spring I/O

Implementing an OAuth 2 Authorization Server With Spring Security – The New Way! by Laurentiu Spilca @ Spring I/O 2022

Spring Cloud Gateway: Resilience, Security, and Observability by Thomas Vitale @ Spring I/O 2022

Spring Framework RCE Vulnerability With War File Deployments on Tomcat

Yesterday, an RCE vulnerability in the Spring Framework was announced: "Spring Framework RCE, Early Announcement" and "CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+". While, as of now, only WAR deployments of Spring Boot applications running under Apache Tomcat seem to be affected, it is still recommended to upgrade to Spring Boot 2.6.6 as soon as possible, even for Spring-based applications deployed as a JAR, because "the vulnerability is more general, and there may be ...

The Recent Log4j2 Vulnerability and How to Address it in Spring Boot Applications

By now, you will probably have heard about the Log4Shell 0-day exploit in Log4j 2. Since this is relevant to every Java developer and potentially every Java and hence - by extension - every Spring Boot application out there, I'd like to address this issue and how to mitigate it in Spring Boot applications. When using the default settings without any other dependencies, Spring Boot applications in general won't be vulnerable because Spring Boot uses ...

Aaron Parecki – Why Do We Really Need OAuth Anyway? @ beyond tellerrand Düsseldorf 2021

At this year's beyond tellerrand Düsseldorf, IndieWebCamp co-founder and OAuth consultant Aaron Parecki gave a talk about OAuth, why we need it, and how we can use it to simplify authentication and authorization in web applications: "Aaron Parecki - Why Do We Really Need OAuth Anyway? - beyond tellerrand Düsseldorf 2021" from beyond tellerrand on Vimeo. Aaron also provides a guide to building an OAuth 2.0 server and a video course titled "The Nuts and ...

Managing Permissions with IAM – Sample From “Stratospheric – From Zero to Production with Spring Boot and AWS”

The following is an excerpt from the chapter on "Managing Permissions with IAM" from the eBook "Stratospheric – From Zero to Production with Spring Boot and AWS" I'm currently writing together with Tom Hombergs and Philip Riecks. You can get the eBook over at Leanpub.

Managing Permissions with IAM

When deploying applications to a cloud service such as AWS, reliable security concepts are key. After all, we not only want to protect our users' data but also ...

API Security Best Practices by Expedited Security

For everyone dealing with web-based APIs, both as a provider and a consumer, web app security service supplier Expedited Security (known for Expedited SSL, among other products) has compiled a vast, extensive compendium on API security best practices. The importance of secure APIs and best practices that help make APIs more secure and dependable can't be emphasised enough. Covering each possible attack vector and adopting every best practice out there can seem like a ...

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common, there are good arguments against this practice. In a nutshell, JWTs are often used for storing session data such as user authorization and authentication ...

HTTP and REST Standards, Protocols and Headers for More Secure and More Robust Applications

Standards.REST is a website that helps you create better, more robust HTTP- and REST-based applications by providing an overview of existing, proven standards that allow you to build on existing solutions rather than re-invent the wheel yourself. The list of standards mentioned includes OAuth 2.0, the HTTP Caching standard and Application-Level Profile Semantics (ALPS), which - among others - is used extensively in Spring Data REST and Spring HATEOAS. On a closely related note, Stefan ...