While any of the following may help solve security-related problems, keep in mind that security is a process, not a single product or technology. A technologically secure computer system does not help if someone can steal its hard drive, if it's not backed up properly, or if its password is written on a Post-It note.
Q: Using JCE I am getting a BadPaddingException. What should I do?
A: Search the forums for "BadPaddingException" for several discussions on this. The gist is: don't use a String to store the encrypted text - use a byte array (byte[]).
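The failure described in this answer, as an added example that is not part of the original FAQ: ciphertext pushed through a String is corrupted and decryption fails, while the byte[] (or a Base64 encoding of it, when text is required) decrypts cleanly. The class name, the sample message, the choice of AES/GCM and the Base64 transport are assumptions of this example; with GCM the failure surfaces as AEADBadTagException, a subclass of BadPaddingException.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class CiphertextEncodingDemo {
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";

    static byte[] crypt(int mode, SecretKey key, byte[] iv, byte[] input) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(mode, key, new GCMParameterSpec(128, iv)); // 128-bit auth tag
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey key = keyGen.generateKey();
        byte[] iv = new byte[12]; // fresh random nonce for every encryption
        new SecureRandom().nextBytes(iv);

        byte[] plaintext = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = crypt(Cipher.ENCRYPT_MODE, key, iv, plaintext);

        // Wrong: ciphertext is arbitrary binary, not text. Decoding it as UTF-8
        // replaces invalid sequences with U+FFFD, so the bytes almost never survive.
        byte[] viaString = new String(ciphertext, StandardCharsets.UTF_8)
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("bytes survived String round trip: "
                + Arrays.equals(ciphertext, viaString));
        try {
            crypt(Cipher.DECRYPT_MODE, key, iv, viaString);
        } catch (BadPaddingException e) {
            // With GCM this is AEADBadTagException, a BadPaddingException subclass.
            System.out.println("decrypt failed: " + e.getClass().getSimpleName());
        }

        // Right: keep the byte[]; if text is required, encode it with Base64.
        String transport = Base64.getEncoder().encodeToString(ciphertext);
        byte[] recovered = crypt(Cipher.DECRYPT_MODE, key, iv,
                Base64.getDecoder().decode(transport));
        System.out.println(new String(recovered, StandardCharsets.UTF_8));
    }
}
```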
Q: Where can I get Java source code for the XYZ algorithm?
A: Bouncy Castle is an open source library comprising many and varied encryption algorithms, amongst them a full JCE implementation. The code for the AES competition is also available. Those include Rijndael (which became AES), RC6, Serpent, Twofish and MARS.
Q: I am getting a java.lang.SecurityException: Unsupported keysize or algorithm parameters. What gives?
A: One reason may be that you're using incorrect parameters for the algorithm, mode or cipher. Check the above-mentioned list of algorithms for what is available. Another reason may be that you don't have the unlimited jurisdiction policy files installed; these can be downloaded from the same place you download the J2SE JDK.
Q: Which message digest (or hash) algorithm should I use?
A: At this point, the various RC, MD and SHA-1 algorithms should no longer be used. SHA-2 is the way to go; it's available in Java in the SHA-256, SHA-384 and SHA-512 variants. (A NIST competition has selected a SHA-3 standard, but it's not yet part of the JRE, and anyway offers no fundamental advantage over SHA-2.)
Web service security
This article is part of the Axis documentation, but it's generally applicable.
The Open Web Application Security Project (OWASP) is a free and open application security community. The OWASP page contains many useful links.
Books - Soft copies for many of the books can be downloaded for free.
Video Links - Videos of presentations made by OWASP members at various conferences.
Q: I'm getting a "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" exception. What gives?
A: Don't panic! Here's the solution, and here's the code that goes with it.