10 December 2013
Securing Web Applications using OWASP ZAP in passive mode
In this blog post I will explain how to configure your browser to use the OWASP ZAP Proxy to click through a web application running on localhost. I will also explain its various findings and how to solve them.
02 September 2013
Native JSON handling in Java with EasyGson
Can you handle JSON natively in Java? The very short answer: no. It is possible to get a near-native JSON handling experience, for example with EasyGson. There is a price to pay, though. You will have to forgo standard Java best practices and accept that the JSON itself can be the master data source in your domain.
13 August 2013
Java heap start (-Xms) in practice
The discussion on start (-Xms) and maximum (-Xmx) heap memory in Java is an old one. The consensus among admins is that both settings are best set to equal values in order to prevent internal Java reorganizations when heap changes are required. Before you follow this advice, you had best understand that the starting heap is not fully claimed at the OS level and also that some garbage collection runs may not be triggered at all in your application.
11 June 2013
Explore the vulnerabilities of Spring with Poreus
20 May 2013
Liberating data from Encrypted TPS Files
First there is the password. It is passed as a parameter to the TPS driver. Oddly enough it is called the 'owner' parameter. With the password a key is generated which is used to encrypt and decrypt the data. The effect is pretty dramatic.
07 May 2013
Keeping your integration tests isolated from each other
29 April 2013
Try the Dutch OpenStack Swift with JavaSwift JOSS
16 April 2013
Mockito / PowerMock vs JMockit
09 April 2013
Recovering from database constraint violations in Java
26 March 2013
The dark secret of CRUD applications using Spring MVC
The easy-to-use data binding of Spring MVC will, unconfigured, bind any property in the incoming POST to your domain model, including those not present in the form. To make matters worse, it is also possible to navigate property paths and modify other objects in the domain model. If you have a transaction, they will get saved too because of Hibernate's automatic dirty checking. If you use Spring Roo with Hibernate and Spring MVC, this is the default behavior.
In this blog post, I will demonstrate this feature and show you how to fix it.