Archive for December, 2011

Importance of Security

Thursday, December 1st, 2011

Everybody knows web applications are now the de facto standard in daily use. We go even further as we have more and more mobile devices.
We are building our apps in such a way that we can access them from mobile phones, tablets and even e-book readers.

So nobody should be surprised that companies involved in web standards have published articles focused on web application security.

  • Google: Browser Security Handbook
  • Google: Web Application Exploits and Defenses, part one, part two, part three, part four, part five.
  • The Gruyere application is a great live, step-by-step tutorial. It is challenging.
  • Mozilla: WebAppSec/Secure Coding Guidelines. Here are some quick wins:
    • For all cookies, set the HttpOnly and Secure flags
    • Make sure login pages are only served on HTTPS and all authenticated pages are only served on HTTPS
    • Don’t trust any user data (input, headers, cookies etc.). Make sure to validate it before using it
  • Last but not least, the OWASP site is one of the best security information sites.
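As an added example (my own code, not from the original post, the Mozilla guidelines or the OWASP site), here is a small Python module that turns the three quick wins above into something you can run: it builds a session cookie with the HttpOnly and Secure flags, audits a list of Set-Cookie headers for cookies that are missing either flag, decides whether a request for a login or authenticated path must be redirected to HTTPS, and validates a user-supplied field against an allowlist instead of trusting it. The function names, the `/login` and `/account` path prefixes and the sample headers are all constructed for this illustration.

```python
import re
from urllib.parse import urlsplit

# Path prefixes that, per the guideline, must only ever be served over HTTPS.
# Constructed for this example; a real application lists its own protected paths.
PROTECTED_PREFIXES = ("/login", "/account")

# Allowlist for a username field: lowercase letters, digits and underscore, 3 to 32 characters.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def build_session_cookie(name, value, max_age=3600):
    """Return a Set-Cookie header value carrying both HttpOnly and Secure.

    HttpOnly keeps the cookie out of reach of document.cookie in the browser;
    Secure stops the browser from sending it over plain HTTP.
    """
    return "%s=%s; Path=/; Max-Age=%d; HttpOnly; Secure" % (name, value, max_age)


def audit_set_cookie(set_cookie_values):
    """Map each cookie name to the list of required flags it is missing.

    Attribute names are compared case-insensitively, as browsers do.
    An empty list means the cookie already has both flags.
    """
    report = {}
    for header in set_cookie_values:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0].strip()
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        report[name] = [flag for flag in ("HttpOnly", "Secure")
                        if flag.lower() not in attrs]
    return report


def must_redirect_to_https(url, protected_prefixes=PROTECTED_PREFIXES):
    """True when a plain-HTTP request targets a login or authenticated path.

    Behind a TLS-terminating proxy the scheme usually arrives in a header such
    as X-Forwarded-Proto; only trust that header when it comes from your own
    proxy, since it is user data like any other header.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() == "https":
        return False
    return any(parts.path.startswith(prefix) for prefix in protected_prefixes)


def validate_username(raw):
    """Accept the raw field only if it matches the allowlist exactly.

    No trimming or normalisation is done first: the value is either exactly
    what we allow or it is rejected.
    """
    return isinstance(raw, str) and USERNAME_RE.fullmatch(raw) is not None


if __name__ == "__main__":
    # Constructed sample headers, as a server might emit them.
    sample_headers = [
        "SESSIONID=abc123; Path=/; HttpOnly",
        "lang=en; Secure",
        "remember=1; HttpOnly; Secure",
    ]
    for cookie, missing in audit_set_cookie(sample_headers).items():
        print(cookie, "missing:", missing or "nothing")
    print(build_session_cookie("SESSIONID", "abc123"))
    print(must_redirect_to_https("http://example.com/login"))
    print(validate_username("alice_01"), validate_username("alice; drop"))
```

The audit function is the piece worth wiring into a test suite: run it over the headers your application emits in an integration test and fail the build when any cookie comes back with a non-empty list.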

Happy hacking your apps!

about me

My name is Sebastian Pietrowski. I graduated from Warsaw University with a Master's degree. During my studies I started working for merlin.pl. The primary language I use is Java, but I have also programmed in Python, Ruby and Scala. I worked as a technical solution architect on the merlin.pl infrastructure when we were moving from PL/SQL to J2EE. I engineered a highly performance-optimized solution that made the application 10 times faster than the requirements and 85 times faster than the original solution.

Currently, I am working as a Senior Expert at F. Hoffmann-La Roche, helping to define the future roadmap for the design and development of enterprise software at Roche and Genentech and building adoption for new technologies. I continuously mentor new developers, helping them understand how important test-driven development is and empowering them to get better at their daily job. I'm involved in many activities that bring in new technologies for better and faster development. You can find more details on my LinkedIn profile.

But don’t get me wrong, I am not your typical nerd. I'm a pleasant guy you can drink a glass of wine with and talk about a range of topics with. My leisure activities include playing basketball, soccer and listening to music. I try to be pragmatic while staying focused on application performance and tuning, with success in my daily work.

My favorite Yoda quote, and my life’s motto, is: Do, or do not. There is no try.