my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

API Security Best Practices by Expedited Security

For everyone dealing with web-based APIs, both as a provider and a consumer, web app security service supplier Expedited Security (known for Expedited SSL, among other products) has compiled a vast, extensive compendium on API security best practices. The importance of secure APIs and best practices that help has make APIs more secure and dependable can't be emphasised enough. Covering each possible attack vector and adopting every best practice out there can seem like a truly daunting task. Guides like this one help ...
Sunday February 9th, 2020 by Bjoern in Enterprise Software, Front End Development, Software, Web Applications
Read more

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common there are good arguments against this practice. In a nutshell, JWT often are used for storing session data such user authorization and authentication information although they aren't particularly well-suited to ...
Sunday November 10th, 2019 by Bjoern in Enterprise Software, Front End Development, Software, Web Applications
Read more

Observatory by Mozilla: Security Checkup for Your Websites and Web Apps

Observatory by Mozilla is a security checkup tool for websites and web apps that both assesses your website in terms of HTTP security measures and best practices and also suggests approaches and techniques for further improving security. Observatory's goal is to provide developers with insights as to their applications' security standards as well as to educate developers about HTTP security options such as the Content Security Policy or HTTP Strict Transport Security headers and the respective standards and policies they implement. Observatory is ...
Sunday February 10th, 2019 by Bjoern in Front End Development, Software, Web Applications
Read more

Security Expert Mario Heiderich About AngularJS and Security

At beyond tellerrand in Düsseldorf this year security expert Mario Heidrich gave a fast-paced - if sometimes too abrasive for my liking - talk about security and AngularJS: This talk contains a lot of useful insights as to what to pay attention to in order to secure your AngularJS applications (or in fact any web application created with a modern JavaScript framework), as well as techniques and approaches security consultants and hackers (both the white and black hat varieties) use in order ...
Sunday June 19th, 2016 by Bjoern in Software, Web Applications
Read more