Tag: Security
With a 742% average annual increase in software supply chain attacks reported by Sonatype, application security has become a top concern for businesses. Today Vaadin is excited to announce AppSec Kit, a new Acceleration Kit designed to enhance the security of your web applications built with Vaadin. AppSec Kit is currently available for Vaadin 7 and Vaadin 8 and will be included with Extended Maintenance and with Ultimate subscriptions. We plan to offer AppSec Kit for additional versions of Vaadin later this year.
Securing Vaadin apps with Spring Security
Getting security right is critical when building web apps. The upside of building a web app is that people can use it wherever they are, on any device. But you need to ensure that only the right people are able to access it, and that they have access to only the features you intended. In this ...
Vaadin Security Updates
You might have been wondering about the increased number of security-related emails in your inbox. Our newly appointed security team has been performing internal code reviews, especially on the build-time tooling, and found a bunch of less-critical vulnerabilities. We are also now a CVE numbering ...
Using OAuth 2 and Google Sign-in for a Vaadin 14 application
Most web applications need an authentication mechanism. In this article, I create a simple example of how to use Google Sign-in with OAuth 2. Previously, Matti Tahvonen covered the topic in Implementing sign-in with Google’s OAuth 2 services, but that targets Vaadin 7. This post updates it for ...
The dangers of using the wrong abstraction for Vaadin access control
Abstractions are important, but mismatched abstractions can be problematic. One particular mismatch that I encounter every now and then is a lot more than problematic: it can be outright dangerous. This is the mismatch between URL-based filtering in various security frameworks and view-based ...
Enabling HTTPS in your Java server using a free certificate
Using HTTPS for client-server communication in web applications has become increasingly common. In fact, for some types of applications, it’s become a requirement. For example, if you want to use the Geolocation API in a web app running in Chrome, you need to have HTTPS enabled. ...