Security in Modern Software Development

Using automated end-to-end tests to automatically analyze web applications with OWASP ZAP


In one of my last stories, Automated Security Testing in Agile Software Projects, I looked at automated security tests using OWASP ZAP. The tool performs automated penetration tests against various kinds of web applications and can easily be integrated into existing CI/CD pipelines, giving developers valuable and fast feedback. To get the most out of it, however, you need to tune it to your specific setup. Crucial here is the exploration stage, in which ZAP crawls the application and tries to find all exposed endpoints.

The simplest way to do this is…


Go, Python, and TypeScript — can they replace Java for backend development?


As of 2020, the most used programming language for building web application backends is still Java. However, Java is also known for its slow startup and large memory footprint. These overheads are especially costly in a microservice architecture, since you pay them again for every service. Several Java frameworks and technologies are trying to solve this problem, but so far none of them really succeeds (for details on this topic, see my story Which Java Microservice Framework Should You Choose in 2020). …


Security in Modern Software Development

Using OWASP ZAP within a CI/CD pipeline to perform automated security tests in agile software projects


Modern agile methods allow us to create and deploy software faster than ever before. Unfortunately, agile methods and secure software have historically not been the best of friends. Traditional security practices were usually built for waterfall projects with upfront requirements and security gates, so agile teams have a hard time adapting them to a world of frequent requirement changes and fast deploy cycles.

One of the most fundamental changes brought about by agile methods is how testing is done. If you deliver software with every sprint, handing implementations over to a dedicated test team is not an option…


Exploring Micronaut and Quarkus vs. Spring Boot — how good are they?


As of 2020, Java is still one of the most popular programming languages to build web applications — although it has to face harsh competition from newer languages like Go, Python, and TypeScript.

Inside the Java world, the Spring Framework has become the de facto standard for microservice development. Through libraries like Spring Boot and Spring Data, the framework is easy to use and allows for efficient and, for the most part, painless development.

However, in recent years new frameworks have been introduced, claiming to improve the startup time as well as the memory footprint of Java applications. As I…



In this story I show how to access relational databases from Java in a reactive way using R2DBC. To do so, I create an example project containing a simple REST interface to create, read, update and delete rows in a PostgreSQL database. The example project uses the Micronaut Framework running as a native GraalVM image. As I hope that this combination drastically improves startup time and memory footprint, I compare both to a similar Spring application using Spring MVC and Spring Data.

Reactive Programming

In a traditional Java application, a thread handles one request at a time. At application startup, the…

Matthias Graf

Software Architect from Switzerland. Interested in Java, Microservices, Access Management and other
