Posts tagged "Security"

Authenticate Jakarta EE apps with Google using OpenID Connect

In one of my pet projects, I’m writing a Jakarta EE web application where I want users to authenticate using Google. Easy, you would say, as Jakarta EE 10 includes Jakarta Security 3.0, which has support for OpenID Connect authentication. It took me a bit more time to figure out how to get it working, and to save you from having to do that, here’s what I found.

Securing Apache HTTPD with Microsoft Active Directory

Recently, I was building a website with documentation for one of the projects I’m involved with. I wanted to protect access to that website to a specific set of people inside my company. Here’s how I did it.

How does BEAST work?

Last month, I did a talk at GOTO Berlin where I explained the basics of Transport Layer Security. During the talk, the audience asked a few questions through the app. One of them was: “How does Beast work?” and I wasn’t able to answer that one on stage, unfortunately. Since it’s an interesting question, I’ll answer it here. Unfortunately, understanding BEAST is a bit harder than the talk itself…

BEAST stands for Browser Exploit Against SSL/TLS. In itself, it isn’t a vulnerability. Thai Duong and Juliano Rizzo made a demonstration of a longer-known vulnerability. This vulnerability was published back in 2004 and applied to SSL 3.0 and TLS 1.0. BEAST showed that this old vulnerability was in fact usable for a real-world attack.