In this blog, you will take a closer look at Spring Security, more specifically at Spring Security in combination with Keycloak using OpenID Connect, all supported by means of examples and unit tests. Enjoy!
Continue reading “Secure Your Spring Boot Apps Using Keycloak and OIDC”

Setup OpenID Connect with Keycloak: A Step-by-Step Guide
In this blog, you will learn how to set up the OpenID Connect Authorization Code Flow using Keycloak. You will execute the flow yourself in order to get a better understanding of OIDC. Enjoy!
Continue reading “Setup OpenID Connect with Keycloak: A Step-by-Step Guide”

How to Build an SBOM
A Software Bill of Materials (SBOM) is getting more and more important in the software supply chain. In this blog, you will learn what an SBOM is and how to build the SBOM in an automated way. Enjoy!
Continue reading “How to Build an SBOM”

How to Check Docker Images for Vulnerabilities
Regularly checking for vulnerabilities in your pipeline is very important. One of the steps to execute is to perform a vulnerability scan of your Docker images. In this blog, you will learn how to perform the vulnerability scan, how to fix the vulnerabilities, and how to add the scan to your Jenkins pipeline. Enjoy!
Continue reading “How to Check Docker Images for Vulnerabilities”

Automate ZAP With Docker
In the previous posts, you learned how to use ZAP with the Desktop client and via the command line with ZAP CLI. In this post, you will learn how to use the Docker images which are provided by OWASP. This makes it even easier to automate ZAP, especially in a CI/CD pipeline.
Continue reading “Automate ZAP With Docker”

Automated Pen Testing With ZAP CLI
In the previous post, you learnt how to execute an automated penetration test by means of Zed Attack Proxy (ZAP). This time, you will learn how to execute the test via a Command Line Interface (CLI) which will make it possible to add the test to your CI/CD pipeline.
Continue reading “Automated Pen Testing With ZAP CLI”

Automated Pen Testing With Zed Attack Proxy
In this post, you will learn how to execute penetration tests with OWASP Zed Attack Proxy (ZAP). ZAP is a free web app scanner which can be used for security testing purposes.
Continue reading “Automated Pen Testing With Zed Attack Proxy”

Hack the OWASP Goat!
We will take a look at how we can get more acquainted with the OWASP top 10 vulnerabilities. After a short introduction about OWASP, we will show you how you can make use of WebGoat and WebWolf to get a better understanding of the OWASP top 10 vulnerabilities.
