Paul Ambrosini

Paul Ambrosini

Paul is the Director of engineering at SourceClear, leading the platform team to build the best software composition analysis solution.

Stay up to date on Application Security

Posts by Paul Ambrosini
  • Docker and JAVA_OPTS
    December 22, 2015 | By Paul Ambrosini

    While adjusting some environment variables recently, I came across an odd issue with Docker, Spring Boot and JAVA_OPTS. JAVA_OPTS comes from the Tomcat/Catalina world and when searching for "Docker and javaopts" on Google you'll find many references to just adding JAVA_OPTS to the Docker…

    Read Article
     
  • Spring Social Core Vulnerability…
    November 11, 2015 | By Paul Ambrosini

    Today we would like to announce the discovery of a vulnerability in the Spring Social Core library. Spring Social provides Java bindings to popular service provider APIs like GitHub, Facebook, Twitter, etc., and is widely used by developers. All current versions (1.0.0.RELEASE to 1.1.2.RELEASE) of…

    Read Article
     
  • Spring, RabbitMQ & Dead Letter…
    April 26, 2015 | By Paul Ambrosini

    RabbitMQ has become a staple for building job queues between the myriad of spring boot micro-serivces I've built at SRC:CLR. The Spring abstraction has allowed for quick and mostly painless development. What I hadn't found a need for was RabbitMQ's "Dead Letter Exchange" setup. Multiple times there…

    Read Article
     
  • Prohibiting RC4 Cipher Suites in AWS
    January 15, 2015 | By Paul Ambrosini

    In December of 2014 researchers found that the RC4 cipher being used in common TLS implementations could be easily broken. As of January 15 2015 the recommended predefined security policy for AWS Elastic Load Balancers still permits the use of RC4 ciphers and will need to be custom configured to…

    Read Article
     

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.