my blog. for you.

Let's talk about digital matters.

I am a freelance IT consultant and entrepreneur in the internet and software industry. I work on design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies with software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Managing Permissions with IAM – Sample From “Stratospheric – From Zero to Production with Spring Boot and AWS”

Unfortunately this entry is only available in English. The following is an excerpt from the chapter on "Managing Permissions with IAM" from the eBook "Stratospheric – From Zero to Production with Spring Boot and AWS" I'm currently writing together with Tom Hombergs and Philip Riecks. You can get the eBook over at Leanpub. Managing Permissions with IAM When deploying applications to a cloud service such as AWS, reliable security concepts are key. After all, we not only want to protect our users' data but also ...

API Security Best Practices by Expedited Security

Unfortunately this entry is only available in English. For everyone dealing with web-based APIs, both as a provider and a consumer, web app security service supplier Expedited Security (known for Expedited SSL, among other products) has compiled a vast, extensive compendium on API security best practices. The importance of secure APIs and of best practices that help make APIs more secure and dependable can't be emphasised enough. Covering each possible attack vector and adopting every best practice out there can seem like a ...

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

Unfortunately this entry is only available in English. JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common, there are good arguments against this practice. In a nutshell, JWTs are often used for storing session data such as user authorization and authentication ...

HTTP and REST Standards, Protocols and Headers for More Secure and More Robust Applications

Unfortunately this entry is only available in English. Standards.REST is a website that helps you create better, more robust HTTP- and REST-based applications by providing an overview of existing, proven standards that allow you to build on existing solutions rather than re-invent the wheel yourself. The list of standards mentioned includes OAuth 2.0, the HTTP Caching standard and Application-Level Profile Semantics (ALPS), which - among others - is used extensively in Spring Data REST and Spring HATEOAS. On a closely related note, Stefan ...

OAuth 2.0 Authentication with Jira – A Spring Boot Example Application

Unfortunately this entry is only available in English. When dealing with the specifics of authentication techniques and protocols such as OAuth, the devil often is in the detail. While the OAuth 2.0 protocol generally is easy to grasp and simple to use, implementation details for specific authentication providers can easily have you hit a snag fairly quickly. Documentation and examples sometimes are outdated or scattered across several - sometimes contradictory - documents. Additionally, examples for the authentication provider you want to use might not ...

Observatory by Mozilla: Security Checkup for Your Websites and Web Apps

Unfortunately this entry is only available in English. Observatory by Mozilla is a security checkup tool for websites and web apps that both assesses your website in terms of HTTP security measures and best practices and suggests approaches and techniques for further improving security. Observatory's goal is to provide developers with insights into their applications' security standards as well as to educate developers about HTTP security options such as the Content Security Policy or HTTP Strict Transport Security headers and the ...

Security Expert Mario Heiderich About AngularJS and Security

Unfortunately this entry is only available in English. At beyond tellerrand in Düsseldorf this year security expert Mario Heiderich gave a fast-paced - if sometimes too abrasive for my liking - talk about security and AngularJS: This talk contains a lot of useful insights as to what to pay attention to in order to secure your AngularJS applications (or in fact any web application created with a modern JavaScript framework), as well as techniques and approaches security consultants and hackers (both the white ...

OpenSSL Heartbleed Bug: Idea For New Password Management Protocol

Unfortunately this entry is only available in English. On 07 April 2014 a very serious OpenSSL bug with the colourful name 'Heartbleed' was disclosed. You can read more about this bug here, here and on the blog of the Chuck Norris of cryptography, Bruce Schneier. You can check here if your website or a service you're using is affected by this bug. Suffice it to say that the consequences are as severe as can be for most of the core services of the ...