Latest Posts Under: Security

I have been a member of PayPal for quite some time, and I use it rarely. When I use it, I want it to be a quick, seamless experience. I log in, do my business, log out. That's it. Reality is different. Although I must admit, it does not help that I forget my password every time. Since I use PayPal every 6 to 12 months, I can't get it into my muscle memory. I bought 1Password a while back to help me remember only one password (you don't say?) and let it generate strong, secure passwords… Read Article →

Recently I have had the opportunity to fix a cross-site scripting problem. The problem: a lot of JSON objects are being sent over the wire and the data is not being HTML-escaped. This means that anyone who would put HTML data in would get it out and make any user vulnerable to XSS attacks. In this case, JSON objects are being created by using the MappingJacksonHttpMessageConverter. This is delivered by the Spring framework. Normally it is instantiated when you use spring-mvc (using the mvc-annotation tag). This allowed us to just return an object and the… Read Article →
