Securing web apps using OWASP ZAP in Passive Mode

An introduction to OWASP ZAP
Dec '13

The OWASP Zed Attack Proxy is a powerful open source web application security assessment tool. Even in passive mode, where it only inspects the traffic generated by your browser, it can give valuable pointers for securing your web application against abuse. In this blog post I will explain how to configure your browser to use the OWASP ZAP proxy while clicking through a web application running on localhost. I will also explain its various findings and how to resolve them. Learn more...

Mar '13

The Dark Secret of Spring MVC

Do you use Spring MVC in a basic CRUD setup, for instance with an OpenSessionInView filter and your Entities doubling as Data Transfer Objects? Then you may have exposed more of your model than you anticipated. Learn more...

Mar '11

Mutually Assured Destruction

I've always loved the classic movie War Games, so when Robert asked me if I could make something special for a company event I knew just what to make: Turnbased Nuclear War. Interestingly enough, the whole Cold War political situation proved to be an excellent metaphor for real-life project situations. Learn more...