my blog. for you.

Let's talk digital.

I am an independent IT consultant and entrepreneur in the internet and software industry. I work on design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies with software quality and knowledge transfer, e.g. with Angular and Spring Boot.

API Security Best Practices by Expedited Security

For everyone dealing with web-based APIs, both as a provider and a consumer, web app security service supplier Expedited Security (known for Expedited SSL, among other products) has compiled a vast, extensive compendium on API security best practices. The importance of secure APIs and best practices that help make APIs more secure and dependable can't be emphasised enough. Covering each possible attack vector and adopting every best practice out there can seem like ...

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common, there are good arguments against this practice. In a nutshell, JWTs are often used for storing session data such as user authorization and ...

Observatory by Mozilla: Security Checkup for Your Websites and Web Apps

Observatory by Mozilla is a security checkup tool for websites and web apps that both assesses your website in terms of HTTP security measures and best practices and also suggests approaches and techniques for further improving security. Observatory's goal is to provide developers with insights as to their applications' security standards as well as to educate developers about HTTP security options such as the Content Security Policy or HTTP Strict Transport Security headers and ...

Security Expert Mario Heiderich About AngularJS and Security

At beyond tellerrand in Düsseldorf this year, security expert Mario Heiderich gave a fast-paced - if sometimes too abrasive for my liking - talk about security and AngularJS: This talk contains a lot of useful insights as to what to pay attention to in order to secure your AngularJS applications (or in fact any web application created with a modern JavaScript framework), as well as techniques and approaches security consultants and hackers (both the ...