Why Governments Need To Favor Open Source Software for Enhanced Security and Transparency

Illustration of a cogwheel with a lock

As governments around the world grapple with an increasing reliance on technology for delivering citizen services and ensuring national security, the debate over adopting open source software has never been more critical. With recent instances of cyberattacks and surveillance, the need for transparent and secure government software is paramount. This article explores the importance of transitioning government software to open source and highlights the key concerns, challenges, and benefits associated with this shift. By examining real-world examples, we aim to emphasize the significance of open source software in improving security, transparency, and trust in public institutions.

What are we going to do with this big heap of menhirs? The Importance of Evaluating Architecture Trends Within the Context of Your Business

Picture of a Roman camp from Asterix, with two Romans discussing what to do with these menhirs

The story: Caesar has sent his top economist to Asterix’s village with a plan to get the Gauls to fight each other instead of the Romans. The economist starts buying menhirs from Obelix. Obelix becomes snooty, money-driven, and unpopular. But now the Romans have a different problem and the question arises:

What are we going to do with this big heap of menhirs?

In today’s fast-paced digital world, architecture trends can be tempting. However, following them dogmatically can be detrimental to your business in the long run. Instead, it’s crucial to evaluate architecture trends within the context of your unique needs and digital transformation goals.

A recent example of this is Amazon Prime Video’s live stream monitoring service. The team originally used a distributed microservices architecture, which caused overhead and was costly. Instead of sticking to their original approach, they made the bold decision to combine their microservices into a monolith and scale it. The result was a 90% reduction in architecture costs.

How to install SonarQube locally or in production to check your code for vulnerabilities, performance and maintainability

A picture of a teenager staring; the caption says: "Looking at your code after one year. Did I write that?"

Introduction

From Wikipedia: SonarQube (formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews with static analysis of code to detect bugs and code smells in 29 programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security recommendations. SonarQube can record metrics history and evolution graphs, and provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.). In other words, it checks whether what your team has written is secure, performs well, is tested and is easy to maintain.


What is a watering hole attack and how can I defend myself?

If you have any hunting experience, or have listened to hunting stories over a beer, you have probably come across the term "watering hole attack". In this attack the hunter hides near a watering hole where animals go to drink, feel safe and usually have their guard down and their instincts relaxed. So the hunter does not have to track the prey and attack on the move, but waits until it comes to its fate on its own. In a very similar way, an attacker targets specific end users by infecting websites they visit frequently with malware that then spreads to the users' devices.


Spring Framework 6.0 goes GA

Spring Framework 6.0.0 is generally available from Maven Central now! It has been quite some time since the last major release; this one focuses on 2023, embracing current and upcoming innovations in OpenJDK and the Java ecosystem. At the same time, it is carefully designed as a straightforward upgrade from Spring Framework 5.3.x.


Logging Failed and Successful Authentication Attempts with SpringBoot

Introduction

In the latest OWASP Top 10 list (OWASP Top 10:2021), the well-known standard awareness document for developers and web application security that represents a broad consensus about the most critical security risks to web applications, a mention is made of identification and authentication failures (A07:2021 – Identification and Authentication Failures). Previously known as "Broken Authentication", it refers to the dangers a web application faces from weak authentication implementations. Below I am going to demonstrate the implementation of one of the countermeasures, which is to log authentication attempts, whether they are successful or not.

Don’t Abuse Java Parallel Streams

A long, long time ago I wrote an article, Can/Should I use parallel streams in a transaction context?, that pointed out some of the pitfalls of the erroneous usage of parallel streams. Recently I have been seeing more and more use of parallel streams under the false assumption that they will increase performance, without fully taking the potential issues into account. So let's analyze the dos and don'ts of parallel streams in Java.

[UPDATE] Log4j RCE 0-day vulnerability (CVE-2021-44228) mitigation actions

CVE-2021-44228 - Log4j RCE 0-day mitigation

UPDATE 14/12/2021

I had an update from my very good friend and excellent consultant Stella Varvarigou, in which she explained to me that setting com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase to false does not fully mitigate the threat, as it is possible to send the exploit code with the request. [2]

Introduction

Apache Log4j, the most popular Java logging library, announced on December 9, 2021 a zero-day vulnerability, CVE-2021-44228, that results in remote code execution. Let's analyze why this happened and what can be done to mitigate the risk.

Dockerizing Java Applications the right way

Alexius Diakogiannis: Dockerizing Java applications

I have created a video in which I show how to put your Java application into a Docker container, and in addition how to build the application inside the container without needing a Java runtime on the host machine.

Hope you like it.

Subscribe to my YouTube channel: https://www.youtube.com/channel/UCw_oF0_P645jIECXAlh9Jsw

Use this URL to download the awesome GitKraken software: https://www.gitkraken.com/invite/pPxN…

Gist: https://gist.github.com/diakogiannis/

Thanks to Perigialli tavern for providing the space to shoot: https://www.facebook.com/perigiali.estiatorio