my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Everything new in Spring Security 6 baked with a Spring Boot 3 recipe by Laur Spilca @ Spring I/O

Sunday July 23rd, 2023 by Bjoern in Enterprise Software, Software
Read more

Implementing an Oauth 2 Authorization Server With Spring Security – The New Way! by Laurentiu Spilca @ Spring I/O 2022

Sunday December 4th, 2022 by Bjoern in Enterprise Software, Software
Read more

Spring Cloud Gateway: Resilience, Security, and Observability by Thomas Vitale @ Spring I/O 2022

Sunday August 14th, 2022 by Bjoern in Enterprise Software, Software
Read more

Spring Framework RCE Vulnerability With War File Deployments on Tomcat

Yesterday, an RCE vulnerability in the Spring Framework has been announced: Spring Framework RCE, Early Announcement CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ While, as of now, only WAR deployments of Spring Boot applications running under Apache Tomcat seem to be affected, it is still recommended to upgrade to Spring Boot 2.6.6 as soon as possible, even for Spring-based applications deployed as a JAR, because "the vulnerability is more general, and there may be other ways to exploit it that have ...
Friday April 1st, 2022 by Bjoern in Enterprise Software, Software, Web Applications
Read more

The Recent Log4j2 Vulnerability and How to Address it in Spring Boot Applications

By now, you probably will have heard about the Log4Shell 0-day exploit in Log4j 2 already. Since this is relevant to every Java developer and potentially every Java and hence - by extension - every Spring Boot application out there, I'd like to address this issue and how to mitigate it in Spring Boot applications. When using the default settings without any other dependencies, Spring Boot applications in general won't be vulnerable because Spring Boot uses Logback in its starter dependencies. However, if your ...
Sunday December 19th, 2021 by Bjoern in Enterprise Software, Software, Web Applications
Read more

Aaron Parecki – Why Do We Really Need OAuth Anyway? @ beyond tellerrand Düsseldorf 2021

At this year's beyond tellerrand Düsseldorf IndieWebCamp co-founder and OAuth consultant Aaron Parecki gave a talk about OAuth, why we need it, and how we can use it to simplify authentication and authorization in web applications: Aaron Parecki - Why Do We Really Need OAuth Anyway? - beyond tellerrand Düseldorf 2021 from beyond tellerrand on Vimeo. Aaron also provides a guide to building an OAuth 2.0 server and a video course titled "The Nuts and Bolts of OAuth 2.0".
Sunday December 5th, 2021 by Bjoern in Enterprise Software, Software, Web Applications
Read more

Managing Permissions with IAM – Sample From “Stratospheric – From Zero to Production with Spring Boot and AWS”

The following is an excerpt from the chapter on "Managing Permissions with IAM" from the eBook "Stratospheric – From Zero to Production with Spring Boot and AWS" I'm currently writing together with Tom Hombergs and Philip Riecks. You can get the eBook over at Leanpub. Managing Permissions with IAM When deploying applications to a cloud service such as AWS, reliable security concepts are key. After all, we not only want to protect our users' data but also make sure that security within our organization ...
Sunday January 10th, 2021 by Bjoern in Enterprise Software, Software, Web Applications
Read more

API Security Best Practices by Expedited Security

For everyone dealing with web-based APIs, both as a provider and a consumer, web app security service supplier Expedited Security (known for Expedited SSL, among other products) has compiled a vast, extensive compendium on API security best practices. The importance of secure APIs and best practices that help has make APIs more secure and dependable can't be emphasised enough. Covering each possible attack vector and adopting every best practice out there can seem like a truly daunting task. Guides like this one help ...
Sunday February 9th, 2020 by Bjoern in Enterprise Software, Front End Development, Software, Web Applications
Read more

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common there are good arguments against this practice. In a nutshell, JWT often are used for storing session data such user authorization and authentication information although they aren't particularly well-suited to ...
Sunday November 10th, 2019 by Bjoern in Enterprise Software, Front End Development, Software, Web Applications
Read more

HTTP and REST Standards, Protocols and Headers for More Secure and More Robust Applications

Standards.REST is a website that helps you create better, more robust HTTP- and REST-based applications by providing an overview of existing, proven standards that allow you to build on existing solutions rather than re-invent the wheel yourself. The list of standards mentioned includes OAuth 2.0, the HTTP Caching standard and Application-Level Profile Semantics (ALPS), which - among others - is used extensively in Spring Data REST and Spring HATEOAS. On a closely related note, Stefan Judis published an article on HTTP headers ...
Sunday September 29th, 2019 by Bjoern in Enterprise Software, Front End Development, Software, Web, Web Applications
Read more
Next Page »