The Journal (Page 3)

Brennenstuhl on Security Engineering

Striking the Perfect Balance: How to Design a Strong Password Policy That's User-Friendly & Effective
How to Make Your Login Forms Password-Manager Friendly

How to Make Your Login Forms Password-Manager Friendly

In this article, I explore the importance of creating password-manager friendly login forms for a seamless user experience and enhanced web security.

· 6min read · Updated!
Learning AssertJ: Null ain't Blank

Learning AssertJ: Null ain't Blank

This AssertJ bug could lead to severe issues: In Java, a blank String is a CharSequence that is empty, null or whitespace only – except when you use AssertJ!

· 2min read · Updated!
The Purpose of JWT: Stateless Authentication

The Purpose of JWT: Stateless Authentication

JSON Web Token (JWT) allow you to establish stateless authentication. I explain why this is important and what's the fundamental difference to stateful authentication.

· 9min read · Updated!
On Making Spring Security OAuth RFC-compliant

On Making Spring Security OAuth RFC-compliant

On Fixing Spring Security OAuth: I fixed a small HTTP header extractor for the Spring Security OAuth open source project recently. Here's what happened & what I learned...

· 4min read · Updated!
Weak Crypto in Google Cloud Platform, Github SAML Attack & Twitter Security UX

Weak Crypto in Google Cloud Platform, Github SAML Attack & Twitter Security UX

Want to use JWT for password-reset or email activation? Turn app state into HMAC-keys to guarantee one-time use of JWTs! This is how it works …

· 3min read · Updated!
Single-Use JWT: Unlocking the Power of Stateless One Time Token

Single-Use JWT: Unlocking the Power of Stateless One Time Token

I delve into the transformative potential of JWTs as one-time tokens, exploring their advantages, implementation considerations, and real-world use cases.

· 7min read · Updated!