About #security

At the end of 2018, I had a pleasure to give a talk at Testwarez - the oldest testing-oriented conference organized in Poland. The recording recently appeared on YouTube, so I decided to take this opportunity to figure out what has changed through the past few months in terms of tools that I presented.

The goal of my talk was to present some practices and open source tools for improving the overall security of Java-based projects. Including them as a part of the delivery pipeline (static code analysis, build process, Docker images creation, etc.) sets up a regular and automated “security audits” routine even without a dedicated security team. Please don’t get me wrong - it doesn’t mean that we don’t need pentesters (“security magicians” in general) or external audits anymore. I believe that if some of their work could be done in an automated manner every day then it should make our apps noticeably more secure and reduce the number of vulnerabilities that could be found later on.

A combination of 3 digits - this is the level of protection offered by the vast majority of luggage cases on the market. 3 digits secret code, that should keep all your personal belongings safe at the aircraft, lobby and hotel room. Lots to expect for just 3 digits…

The cryptographic world changed a lot since 2008 when Google’s Keyczar library showed up. However, one thing is still the same - effective cryptography is really hard to implement. Keyczar library was a quite successful attempt to provide easy to use crypto solutions based on current security standards to Java, Python and C++. Now, after 9 years of its development, the future doesn’t look so bright.

Ain’t no sunshine when it’s old

In the late 2016 Keyczar’s maintainers announced that: