Blog ►

List News Background articles Commentaries Development/Java IT Security Computer Guides & Tips

HissenIT Blog: IT Market and Computers / Background Articles and Knowledge

You can follow this blog through this news feed or our social media channels.
Previous publications can be found in the publication archive.

Secure Programming of Web Applications: Authentification

Added on 12/28/2020 by Frank Hissen

We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access. ...

Secure Programming of Web Applications: Session-Hijacking

Added on 12/21/2020 by Frank Hissen

We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access. ...

Secure Programming of Web Applications: Clickjacking

Added on 12/15/2020 by Frank Hissen

We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access. ...

Secure Programming of Web Applications: Remote File Inclusion (RFI) and Local File Inclusion (LFI) resp. Directory/Path Traversal

Added on 12/08/2020 by Frank Hissen

We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access. ...

Secure Programming of Web Applications: Open Redirection

Added on 12/01/2020 by Frank Hissen

We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access. ...

Secure Programming of Web Applications: Cross-Site Scripting (XSS)

Added on 11/27/2020 by Frank Hissen

We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access. ...

Secure Programming of Web Applications: Cross-Site Request Forgery (CSRF)

Added on 11/20/2020 by Frank Hissen

We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access. ...

Secure Programming of Web Applications: SQL Code Injection

Added on 11/14/2020 by Frank Hissen

We can read about numerous successful attacks on well-known web applications on a weekly basis. Reason enough to study the background of "Web Application Security" of custom-made / self-developed applications - no matter if these are used only internally or with public access. ...

Data Security through Cryptography - Interview with Frank Hissen

Added on 06/09/2019 by Frank Hissen

IT Security Expert and Computer Scientist Frank Hissen talking about cryptography and how cryptography helps to protect our data security during our private and professional everyday life. ...

Internet Security: Why cryptography (and encryption) is essential

Added on 06/03/2019 by Frank Hissen

Internet connections are no direct lines. Every intermediary component holds full access to your Internet traffic. That means: read, alter, redirect, discard. Or put another way: manipulate, record, log, render unusable. ...

Attention when choosing an Encryption solution - Weakness in Password manager of Firefox and Thunderbird

Added on 03/21/2018 by Frank Hissen

An "IT security researcher" recently engaged attention on a seemingly older, known weakness in Mozilla's password managers of Firefox and Thunderbird. Core problem is the way of dealing with the master password (keyword: secure password hashing). We recommend for years to pay close attention - when choosing an encryption software - which password hashing procedure is used. Otherwise, you eventually have no real data encryption at all. We try to provide some clear background information. ...

"IT Security for Project Managers" now also as Kindle e-Book

Added on 09/18/2016 by Frank Hissen

Our Whitepaper/Guideline is now also available as e-book for Amazon's Kindle (English/German). ...

IT Security for Project Managers: About implementing security in IT projects properly – A Guideline

Added on 05/23/2016 by Frank Hissen

Despite many accepted IT security standards, many IT projects fail at IT security. What needs to be considered, what mistakes and pitfalls to avoid. ...

Say no to plain passwords: Secure Password Hashing

Added on 11/02/2015 by Frank Hissen

Plaintext passwords should not be used anymore. You are probably using a web shop software framework that takes already care of this. Most application frameworks in the world do not use plain passwords anymore but password hashes instead. ...

Encryption background: What is key wrapping?

Added on 10/07/2015 by Frank Hissen

Key wrapping is a simple technique in cryptography that is used in almost all common encryption technologies. ...

Open-Source and Security: Why Open-Source is not insecure

Added on 10/06/2015 by Frank Hissen

Recently, I received the question if it would not be dangerous, when the source code for an encryption software is publicly available. An answer... ...

Introducing cloaked (headerless) files - CrococryptFile 1.3 released

Added on 07/02/2015 by Frank Hissen

Today, we released CrococryptFile 1.3 as free download. This version includes a new crypto suite: "cloaked" archives. This kind of suite encrypts archives without headers. What this exactly means, we explain in the following. ...

Container vs. File-by-file Encryption OR CrococryptFile vs. CrococryptMirror

Added on 06/15/2015 by Frank Hissen

This article is about the differences of the encryption schemes between a container and a file-by-file encryption solution and the resulting privacy implications. At the end, you will see that it is also a matter of taste and application context. ...


About HissenIT's Blog & News

This blog is written by Frank Hissen (Computer Scientist). The majority of posts is about HissenIT, new software and other topics within the areas of software development and IT security.