Raising the Bar: Quality Gates for AI-Generated Code

AI coding tools let your team ship faster than ever. That is the pitch, and it is not wrong. But nobody talks about what you are shipping. Right now, most teams use these tools to produce broken software at unprecedented speed.

Security holes, silent data corruption, exception handling that hides failures. None of this shows up in your sprint velocity. It shows up when the product collapses under technical debt, or when a customer hits an unhandled edge case in production. If your team uses AI coding tools without guardrails, you are not moving fast. You are accumulating landmines.

Securing isolated systems: Caveats of using plain OAUTH flows and how to solve them

While OIDC and OAuth are well-known standards, they don’t fit every purpose “out of the box.” In businesses with special regulations, like banking or health care, the non-functional requirements on auth can be challenging. Different solutions and approaches were evaluated to create a new identity provider for a medical network. The first approach was “just” using plain OAuth with its most famous flow, the Authorization Code Flow. Of course, it failed fast, and I’ll show why and how we solved it in this post.

The Spring Security Oauth2 Blues - Simplicity

I personally like the Spring Framework and its security components, because they are pretty full-featured and easy to use, but when it comes to Spring Security OAuth2, there’s a huge quality breakdown. In this blog post (probably the first of a series), I’ll try to sum up the good, the bad, the evil, and why I ended up completely dropping Spring Security OAuth2.
