Posts tagged security
iOS App Security – Backgrounding screenshot
Every time the security of apps comes up in a conversation, it turns out that a lot of people are unaware this is an issue at all. Simple things like the screenshot iOS takes every time your app gets backgrounded are not the common knowledge I expected them to be by now. In this blog post I want to share a few things I learned during a course by Ken van Wyk.
First of all, a must-have is Macroplant's iExplorer. It lets you browse any connected iDevice, including some of the data stored inside the apps on the device. Using this tool to have a look at the apps you have built shows you what data is easily accessible to anyone who can hook the device up to their computer. (Spoiler: even locked and password-protected devices can be browsed through iExplorer.) Download it here and use it to your advantage.
A lot of these security 'issues' have everything to do with knowing the platform you are building for. Take for example the backgrounding issue mentioned earlier. As it turns out, iOS takes a screenshot of your app every time it is sent to the background. This screenshot is later used to make your iPhone look a bit quicker when you open your app again, while the More >
WebLogic 11g: Override Production-Enabled Security
When you configure your domain in WebLogic 11g, whether through the graphical installer or by script, choosing Production Mode makes security stricter than in Development Mode.
Normally you would then have to create a boot.properties file by hand before the server will start without prompting for credentials; all sorts of extra steps.
In a scripted install with WLST, here is a way to take care of it... behold the wondrous Python!
First, define a helper function in your script that writes the boot.properties file for the AdminServer:
```python
import os

def createBootPropertiesFile(domain_dir, username, password):
    # boot.properties for the AdminServer lives under <domain>/servers/AdminServer/security
    security_dir = domain_dir + "/servers/" + "AdminServer" + "/security"
    if not os.path.exists(security_dir):
        os.makedirs(security_dir)
        filename = security_dir + "/boot.properties"
        f = open(filename, 'w')
        line = 'username=' + username + '\n'
        f.write(line)
        line = 'password=' + password + '\n'
        f.write(line)
        f.close()
    else:
        print security_dir + ' exists'
```
Note that the password is written to the file in clear text. WebLogic encrypts the values in boot.properties the first time the server starts, but until then the file should be readable only by the OS user that runs WebLogic.
Then, finally, after your writeDomain call, include:
```python
writeDomain(properties.domain_dir)
if properties.production_mode_enabled:
    createBootPropertiesFile(properties.domain_dir, 'weblogic', properties.weblogic_password)
else:
    print 'Dry run completed, if you still have an
```
More >
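The helper above creates boot.properties with whatever permissions the process umask happens to give, and it would happily overwrite a file that WebLogic has already encrypted. The following is an added example, not the script from the post: it writes the file owner-only from the moment it is created, refuses to touch an existing boot.properties, and shows how to check the result. It is written for Python 3 so it runs stand-alone; the `write_boot_properties` name, the `ChangeMe1` password and the temporary domain directory are assumptions for the demo. Porting it into WLST's older Jython means spelling the mode as `0600` instead of `0o600` and replacing `with` by an explicit `close()`; the permission check assumes POSIX mode bits.

```python
import os
import stat
import tempfile


def write_boot_properties(domain_dir, username, password, server="AdminServer"):
    """Create <domain_dir>/servers/<server>/security/boot.properties readable by
    the owner only.

    Returns the path written, or None when a boot.properties already exists.
    An existing file is never overwritten: after the first boot WebLogic has
    replaced the clear-text values with encrypted ones, and rewriting it
    would put the clear-text password back on disk.
    """
    sec_dir = os.path.join(domain_dir, "servers", server, "security")
    path = os.path.join(sec_dir, "boot.properties")
    if not os.path.isdir(sec_dir):
        os.makedirs(sec_dir, 0o700)
    if os.path.exists(path):
        return None
    # O_CREAT|O_EXCL with mode 0600: the file is never world-readable, not even
    # briefly, and a file or symlink planted at this path beforehand makes the
    # call fail instead of being silently followed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write("username=%s\n" % username)
        f.write("password=%s\n" % password)
    os.chmod(path, 0o600)  # make the final mode independent of the umask
    return path


def boot_properties_mode(domain_dir, server="AdminServer"):
    """Return the POSIX permission bits of an existing boot.properties (e.g. 0o600)."""
    path = os.path.join(domain_dir, "servers", server, "security", "boot.properties")
    return stat.S_IMODE(os.stat(path).st_mode)


def read_boot_properties(domain_dir, server="AdminServer"):
    """Parse key=value lines of boot.properties into a dict (clear-text or encrypted)."""
    path = os.path.join(domain_dir, "servers", server, "security", "boot.properties")
    with open(path) as f:
        return dict(line.rstrip("\n").split("=", 1) for line in f if "=" in line)


def demo():
    """Exercise the helper against a throw-away directory (constructed input, not a real domain)."""
    domain_dir = tempfile.mkdtemp(prefix="demo_domain_")
    first = write_boot_properties(domain_dir, "weblogic", "ChangeMe1")  # hypothetical credentials
    second = write_boot_properties(domain_dir, "weblogic", "Other2")    # must be refused
    return {
        "written": first is not None,
        "second_refused": second is None,
        "mode": boot_properties_mode(domain_dir),
        "props": read_boot_properties(domain_dir),
    }


if __name__ == "__main__":
    print(demo())
```

In the WLST script this replaces `createBootPropertiesFile` and is called the same way after `writeDomain`; run the script as the user that will own the WebLogic processes, otherwise the 0600 file is unreadable to the server.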
AMIS Query: A (hacking :) event with Oracle ACE Director Pete Finnigan
As announced in an earlier blog post, AMIS, together with Miracle Benelux, Masterclass trainingen, has the opportunity to organise an AMIS Query just before the two-day Masterclass in Utrecht given by Oracle ACE Director and Oracle security expert Pete Finnigan from England. Security of your data, and attention to it, is often a neglected topic. Everyone is probably aware that data loss through security holes, caused for example by the architecture, the application code or the underlying supporting software, is a sore point in an organisation. Security thinking, however, also has an impact on design and performance.
Pete Finnigan will lift a corner of the veil on this security thinking with us on 25 May.
Here is the agenda for the evening:
- From 17:30/18:00 everyone is welcome for dinner.
- From 19:00 Pete Finnigan will cover, in his presentation and demos "Oracle Database Security – (The True State?)":
  - Focus on database security work
  - Some realistic "hacking" demos / scenarios
  - Discussion of the hacking demos shown
  - The correct way to secure data
- Around 21:00 More >
ADF: simple EL expression to a method with params on a bean
Based upon an old blog post of Lucas, "How to call methods from EL expressions - pre JSP 2.0 trick for JSPs with JSTL", I've created an ADF bean with a method that accepts params which you can call with an EL expression. In this example I've created my own SecurityBean, so you can write EL expressions like "#{securitybean.isUserInRole['KING,ADMIN']}". Of course you can apply this concept to any bean you want.
The idea is pretty simple. Use an inner class that implements the Map interface and puts your argument-taking logic in its get(Object key) method (the EL map resolver hands the bracketed text, here 'KING,ADMIN', to that method as the key), and in your bean return an instance of this inner class from a getter with a readable and sensible name.
(Lucas's blog explains why a class with a Map interface is needed.)
Oracle Database Vault: The ultimate protection for your application data.
Some time ago, I discussed security in Oracle databases with a customer and explained the role structure in the Oracle database. I explained to him that ultimately it's the DBA who assigns roles and privileges to the users of an application, and it's the DBA who is the almighty, most powerful user with almost unlimited access to data and the ability to modify a database. With all this security in place, who's going to prevent the DBA from using his powers in a malevolent way, was my customer's question? To be honest, until that moment I'd never given that possibility a thought. I'd always seen DBAs as hardworking, loyal and honest people who watch over their applications as a mother over her child. But obviously my customer was right about who's going to check the DBA. This can't be done by introducing another super-super user, because who's going to check him? (more…)