Author: George Georgovassilis

Advanced web security topics

(Updated 22 May 2020) This post discusses web security issues that I come across - so far thankfully mostly by reading about them. It is a work in progress which I'll keep updating. The post title includes "advanced" because the topics discussed here involve clever, non-trivial hacks, are novel at the time of their publication … Continue reading Advanced web security topics

End-to-end testing Java web applications with an embedded Tomcat

 In this instalment on assembly testing [1] I'll talk about how automated system tests run over my Java web applications. The set-up is rather cheap, not very labour-intensive and can incrementally evolve from a simple assembly test (aka smoke test) to a full-fledged system test. Since this post is rather concrete naming tools and frameworks, … Continue reading End-to-end testing Java web applications with an embedded Tomcat

Securing a development server

In this post I talk about setting up and securely operating development tools like Jenkins and Gitlab on a server connected to the internet. All applications run behind a firewall and a reverse HTTP proxy which allows only HTTP requests from selected users through who authenticate themselves with client certificates. Putting web-facing software on the … Continue reading Securing a development server

Defensive software architecture

In this, hopefully, last post on this blog of the year I will try to gather my scattered thoughts on software architecture and specifically the need for defensive software architecture, and substantiate it with anecdotal evidence from my own project work. I will first talk about my definition of architecture and that of an architect … Continue reading Defensive software architecture