Posted on

WordCamp Oslo 2018: “Security Is a Process, Not a Plugin” (Talk)



In 2000, the internationally renowned security technologist Bruce Schneier wrote: “Security is a process, not a product”. In the same essay, he wondered: “Will we ever learn?”. Apparently not.

How many times have you considered your WordPress application security only once completed? How many times have you installed a security plugin and thought it was enough? Securing a web application doesn’t mean installing a plugin just before deployment. Not at all.

I’m very passionate about security and I’d like to share my thoughts with you. My focus will be the security awareness related to web applications. Is WordPress secure? I will answer this question very clearly. And you’re not gonna like it!

Posted on

Securing a Spring Boot Application with Keycloak

Last Update: 27 January 2019

In this article, we’re going to secure a Spring Boot application using Keycloak.

Securing Spring Boot with Keycloak - ThomasVitale.com

Before doing that, let’s briefly recall what we have done so far.

First, we talked about the main features of Keycloak used in this series and learned how to install and boot the Keycloak server.

Then, we set Keycloak with some basic configurations to use it for securing a web application (providing it with authentication and authorization).

In this article, we’re going to learn how to:

    1. Create a client in Keycloak;
    2. Set up the Spring Boot application;
    3. Define the application resources;
    4. Add access policies based on user roles.

You can check out the full source code of the demo project we’re going to build on GitHub.

Let’s get started! Continue reading “Securing a Spring Boot Application with Keycloak”