Category: General

Stormpath Chosen by GigaOm as a Finalist for Structure Launchpad

We’re excited to announce that Stormpath has been chosen as a finalist in GigaOm’s Structure Launchpad. It’s great to be recognized for the progress we have made so far, with the fantastic help of our developer community and beta users. We look forward to sharing our traction on stage in June. If you want a …

GitHub Roundup of New Apache Shiro Projects

I’ve been spending a lot of time thinking about how to connect Apache Shiro developers to each other and the many cool projects going on in the Shiro ecosphere. Digging around, I was shocked (yes, shocked!) and delighted by some of the awesome Shiro projects active on GitHub. Here’s a little roundup of projects active …

Stormpath Launches Private Beta, Announces Funding

We have been pretty quiet for the last few months, but things at Katasoft have been very busy under the hood. Today, we’re officially coming out of stealth, launching private beta of our Identity Infrastructure product, and announcing the renaming of the company from Katasoft to Stormpath. With a seed round led by Flybridge and …

What’s New in Apache Shiro 1.2

Apache Shiro 1.2.0 was released on Tuesday, January 24, 2012 with a lot of new features and improvements that most of the community will find useful. Thanks to everyone who contributed to this release; it was a significant undertaking and reflects a big step forward for the project. In this article, we’ll break the improvements …

Strong Password Hashing: Part 2

In my first post on Strong Password Hashing, we discussed that the solution for the most common way to secure passwords, even with the possibility of brute force attacks, was to incorporate a computation time component.  This technique essentially makes the password hashing process computationally expensive such that an attacker using brute force would have …

The New RBAC: Resource-Based Access Control

This article discusses how security policies are managed using the concept of Roles and how the predominant role-based mechanism for securing applications is largely insufficient.  I discuss what I believe is a much better way of securing applications. What is a Role? When speaking about application security, most people are comfortable with the existing concept …

Strong Password Hashing with Apache Shiro

JSON Web Token (JWT) is a useful standard becoming more prevalent, because it sends information that can be verified and trusted with a digital signature. In their most basic form, JWTs allow you to sign information (referred to as claims) with a signature and can be verified at a later time with a secret signing …

What is an X.509 Certificate?

An X.509 certificate is something that can be used in software to both: Verify a person’s identity so you can be sure that the person really is who they say they are. Send the person who owns the certificate encrypted data that only they will be able to decrypt and read. To be fair, X.509 certificates …