Applications

The application security domain is a large one. First there is the security of the code, which must be protected from flaws such as buffer overflows, bad input validation, various kinds of injection, etc. This covers software, websites, web services, and all types of combinations (webapps, web service API clients, AJAX everywhere, etc.). Another issue is the security of the data: in memory, in databases, encryption...

The latest articles

XSS : Get string without quote
Published on 2 January 2017
by Georges Michel

Happy new year 2017 :)

Yesterday I was stuck when I DOM-based XSSed a website which removes quotes, double quotes, parentheses and backticks.

I don’t know if the trick is obvious because I didn’t search, but I found a pretty use of JavaScript RegExp short notation.

I haven’t found yet a (...)

Javascript - Java compatible encryption
Published on 7 April 2011
by Emeric Nasi

License : Copyright Emeric Nasi, some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

Introduction

I decided a few weeks ago to create my own Java "stealth malware" I called Bromo. This malware’s goal is to test and demonstrate Java (...)

Modify any Java class field using reflection.
Published on 13 January 2011
by Emeric Nasi

License : Copyright Emeric Nasi, some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

I. Reflection and Java security

For most Java developers, Java security comes from the use of keywords such as "private, protected, or final". (...)

Enable securitymanager for Spring and Hibernate
Published on 8 January 2011
by Emeric Nasi

License : Copyright Emeric Nasi, some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

I. Tomcat security manager.

The basis of Java security is to enable the security manager.

The security manager allows you to associate a given (...)

Implement hash service using JCE
Published on 10 November 2010
by Emeric Nasi

License : Copyright Emeric Nasi, some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

In this article I will present how to simply use hash methods in your Java projects. I will also follow the Java coding security recommendation (...)