Paul Ambrosini

Paul is the Director of engineering at SourceClear, leading the platform team to build the best software composition analysis solution.

Posts by Paul Ambrosini
  • Docker and JAVA_OPTS
    December 22, 2015

    While adjusting some environment variables recently, I came across an odd issue with Docker, Spring Boot and JAVA_OPTS. JAVA_OPTS comes from the Tomcat/Catalina world and when searching for "Docker and javaopts" on Google you'll find many references to just adding JAVA_OPTS to the Docker environment. After some testing, I found this to be incorrect when running a Spring Boot jar in a Docker…

  • Today we would like to announce the discovery of a vulnerability in the Spring Social Core library. Spring Social provides Java bindings to popular service provider APIs like GitHub, Facebook, Twitter, etc., and is widely used by developers. All current versions (1.0.0.RELEASE to 1.1.2.RELEASE) of the library are affected by this vulnerability. To exploit this vulnerability, an attacker can…

  • RabbitMQ has become a staple for building job queues between the myriad of Spring Boot micro-services I've built at SRC:CLR. The Spring abstraction has allowed for quick and mostly painless development. What I hadn't found a need for was RabbitMQ's "Dead Letter Exchange" setup. Multiple times there had been discussions about using the dead letter pattern but I'd never gone that route. During one…

  • In December of 2014 researchers found that the RC4 cipher being used in common TLS implementations could be easily broken. As of January 15, 2015 the recommended predefined security policy for AWS Elastic Load Balancers still permits the use of RC4 ciphers and will need to be custom configured to deal with the RC4 vulnerability. These steps are described here. Background In October of 2014 a…