
Introduction to Public Key Encryption for Managers
In this first article of a series, I’m going to start by explaining a little about public key encryption, which is one of the fundamental building blocks of SSL.
Brett is a seasoned application security engineer and thought leader with a proven track record in software engineering and security best practices.
Brett has over 10 years of application security experience and 25 years in software engineering. He holds (ISC)² certifications including CISSP, CSSLP, and CCSP. As the author of Threat Modeling Gameplay with EoP and the project lead for the OWASP Application Security Awareness Campaigns, Brett actively contributes to the security community. He also maintains the Ostering.com blog, where he shares insights on security practices.
Brett has successfully collaborated with teams to define security best practices and integrate security by design into their software development lifecycle (SDLC). His training initiatives in threat modeling have led to significant improvements in design quality and security awareness within organizations.
In his spare time, Brett enjoys sports, gardening, cooking, and photography. He is fluent in both English and Italian and holds dual citizenship.
Key Skills: Secure by Design, Privacy by Design, Threat Modeling (STRIDE, EoP, Privacy, LINDDUN GO, PLOT4ai), Secure Coding, Vulnerability Management, and more.
Brett welcomes connections and opportunities to collaborate on innovative security solutions.
Following on from my previous article about configuring SAML SSO with Tomcat and Picketlink, this time I will show you how to do the same thing with JBoss Wildfly.
If you are using Kerberos for single sign-on (SSO) and want to be able to make HTTP requests to third-party systems while impersonating the end user, you can do this using the HttpClient that is part of the Apache HttpComponents project.
In this article I’ll give you an introduction to the SAML Web Browser Single Sign-On Profile using POST and how to configure it in Tomcat.
The pros and cons of both ANTLR and JavaCC when parsing small to medium size pieces of code, as is often the case with domain-specific languages.
In this article I’m not going to talk about IT security; instead I’m going to talk about the fallacies of security in our everyday lives in the real world.
In this recipe you will see how to configure cross-forest authentication and how you might implement cross-forest authorization.
I program in Java pretty much every day, or at least every weekday. Yet I could think of very few peculiarities.
So what is SPNEGO? SPNEGO stands for Simple and Protected GSSAPI Negotiation Mechanism. It is a mechanism by which an authenticating body negotiates with the authenticator what security protocol to use, for example Kerberos, NTLM, Digest or Basic.
Last week I wrote about some of the strange statements that are considered syntactically correct in Ruby. This week I am going to write about function scoping peculiarities with JavaScript. Firstly, there are a number of ways you can define functions in JavaScript.
As programmers we get used to moving from one programming language to another; among language families this is relatively simple. When I refer to programming language families, for the purpose of this article I mean high-level or low-level languages.
A TED talk to get you motivated