Blog Archives

15 Security key area interview Q&A for Java developers

Q1. Can you provide a high level overview of the “access control security” in a recent application you had worked? A1. As shown below, SiteMinder is configured to intercept the calls to authenticate the user. Once the user is authenticated, a HTTP header “SM_USER” is added with the authenticated user...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home
Tags:

Debugging java.security.cert.CertificateException: Certificates do not conform to algorithm constraints

Why? You may have a certificate with SHA1RSA key size less than 1024 bits or you have a certificate in your chain that uses MD2RSA.

Explanation? MD2 was widely recognized as insecure and thus disabled in Java in version JDK 7 onwards.

Read more ›



Debugging SSL issues in Java & tools to debug

Q1. What are some of the issues you encounter with SSL handshake? A1. Some of the issues you try to debug are Presence of a valid certificate in trust store Incorrect certificate chains in the client or server truststore Invalid key algorithm used for private keys Expired certificate Incorrect passwords...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home


Encryption and Decryption interview Q&A

Q1. What do you understand by the terms encryption and decryption? A1. Encryption is the process of converting clear data (e.g. database password, credit card number, etc) to incomprehensible cyberyext like “š£”Œz_fÓe©ˆ»[” by applying mathematical transformations. These transformations are known as encryption algorithms and require an encryption key. … Read...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home


HTTP Basic Authentication Interview Q&A for Java developers & architects

Q1. What do you understand by the term “HTTP Basic Authentication”? A1. HTTP Basic authentication is the simplest “access controls” technique for web resources like RESTful web service call. It doesn’t require cookies, session identifier and login pages. You need to pass just username and password to the resource. …...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home


Injection attack prevention Q&A

Q1. What are the different types of injection security vulnerabilities? A1. SQL Injection, Log Injection, HTTP Response Splitting, XPath Query injection, and LDAP injection. Q2. What is an SQL injection vulnerability, and how will you go about preventing it? A2. … Read more ›...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home


Preventing XSS attacks in Java

Cross Site Scripting (XSS) is one of the most common security problems in today’s web applications, and the second most common is the SQL injection attack. Both account for ~ 70% to 80% of the security threats of which XSS attacks are accountable for ~ 50% to 60%. Q1. …...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home


Security holes & how to fix them interview Q&A

Security is of paramount importance to any application or website. Applications with security vulnerabilities can not only tarnish the reputation of a company, but also can adversely impact the bottom-line of that organization. So, it really pays for the organizations to have the right people who can identity potential security...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home
Tags:

Session Hijacking prevention Questions & Answers

Q1. Does the following code pose any security risk? if yes, how will you fix it? A1. The above code is a security risk. Never store sensitive data in a cookie. Instead, save it in the session on the server side, and store the session id in the cookie. …...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home


Spring security tutorial

Spring security pre-authentication scenario assumes that a valid authenticated user is available via  either Single Sign On (SSO) applications like Siteminder, Tivoli, etc or a X509 certification based authentication. The Spring security in this scenario will only be used for authorization.

The example shown below retrieves the user name via the HTTP headers.

Read more ›



SSL and truststore vs keystore for Java developers

Q. What do you understand by the terms trusstores and keystores in Java? A. You generally need a truststore that points to a file containing trusted certificates, no matter whether you are implementing the server or the client side. … Read more ›...

Members Only Content

This content is for the members with any one of the following paid subscriptions:

45-Day-Java-JEE-Career-Companion, 90-Day-Java-JEE-Career-Companion, 180-Day-Java-JEE-Career-Companion, 365-Day-Java-JEE-Career-Companion and 2-Year-Java-JEE-Career-Companion Log In | Register | Try free FAQs | Home


SSL in Java with Keytool to generate public-private key pair

Step 1: Create public-private key pair: Using keytool utility, which is packaged in %JAVA_HOME%/bin/keytool.exe you can create “public-private” key-pair. This means the public and private keys are mathematically related so that encrypting with one key can be decrypted with the other key,

Read more ›



Understanding service and socket timeouts in Java enterprise applications

Q. Why is it important to set proper timeout values in your applications?
A. Security and performance.

Security reason: it is often necessary to control how long a Web Service client or other valuable clients invoking valuable resources like database connections,

Read more ›



By topics – 800+ Q&As ♥ Free ♦ FAQ

open all | close all

Java 200+ FAQs – Quick Brushup

open all | close all

100+ Java Tutorials step by step

open all | close all

13+ Tech Key Areas to standout

open all | close all

Java coding exercises

open all | close all
Top