Spring Boot Application Over HTTPS

Introduction In this example I am going to show you how to start your Spring Boot application over the HTTPS protocol. HTTPS is a secured protocol, whereas HTTP is an unsecured protocol, so data passed over the network using HTTPS is encrypted. The application I am going to build runs in the local environment and for this…

OWASP Top 10 Security Considerations In Web Applications

Introduction Here I will discuss the OWASP top 10 security considerations in web applications. These applications could be anything from standalone to enterprise to web applications. OWASP is an acronym that stands for Open Web Application Security Project, and it is a global community that continuously focuses on the improvement of all types of software. A collective effort from…

Working Principle of Content Security Policy (CSP) in Web Applications

Introduction In this tutorial I am going to discuss the working principle of Content Security Policy (CSP) in web applications. What if you want to minimize attacks on your website, restrict the content that can be displayed on your website for security reasons, or prevent Cross Site Scripting (XSS)…

REST over HTTPS with Client Certificate Authentication

Introduction The tutorial, REST over HTTPS with client certificate authentication, will show you how we can use a client certificate to handshake with the server, along with basic authentication, for consuming the service. You can even use header authentication along with the client certificate to make it more secure. I will create a Spring Boot application on Spring REST API and build the application using…

Securing REST API: JWT Authentication using Python Flask

Introduction In this post we will see how to secure a REST API with JWT authentication using Python Flask. JWT is an acronym for JSON Web Token. In the previous example we saw how to secure a REST API using HTTP Basic Authentication, which is not recommended most of the time. Recommended Reading: REST API CRUD Example using Python Flask and…

Securing REST API: Python Flask HTTP Basic Authentication

Introduction We will see an example of how to secure a REST API using Python Flask. We will create Python Flask HTTP Basic Authentication. Most web services that require authentication accept HTTP Basic Authentication. This is the simplest one, and Requests supports it straight out of the box. HTTP Basic Authentication is not recommended as it is…

Gmail SMTP and Security settings for sending email

Introduction Here I am going to show you how to configure Gmail SMTP and security settings for sending email from a program. You can use any server-side technology to send email through the Gmail SMTP server. This example will show you only what configuration you need in order to send email; it does not show any concrete example for…

SOAP over HTTPS with Client Certificate Authentication

Introduction The tutorial, SOAP over HTTPS with client certificate authentication, will show you how we can use a client certificate to handshake with the server, along with basic authentication, for consuming the service. We have also seen how to authenticate by sending authentication information in HTTP headers in a SOAP web service, but here we will use a client certificate (JKS file) as a…

@PreAuthorize Annotation – hasRole Example In Spring Security

Spring Security Has-Role In this tutorial I will show you an example of the @PreAuthorize annotation with hasRole() in Spring Security. @PreAuthorize is the most useful annotation that decides whether a method can actually be invoked or not based on the user's role. The hasRole() method returns true if the current principal has the specified role. By default, if the supplied role…

How SiteMinder Works

Introduction In this tutorial I will discuss how SiteMinder works as an SSO authentication system. This tutorial will give you technical insight into the working principle of the SiteMinder system. A Web Application Firewall may integrate with SiteMinder to provide single sign-on and centralized management of web applications using predefined security policies. It uniquely identifies a user before the user…