Archive of notes from 2016

Automatic scan for known vulnerabilities in dependencies

When using third-party components (be it open source or not), we all know it’s a good practice to keep your frameworks and libraries up to date. This is also one of the spearheads in the OWASP Top 10 (2013 edition): A9 - Using Components with Known Vulnerabilities. To help you assess the status of your projects with regard to this, OWASP developed the tool Dependency Check. This tool is primarily intended for code bases in Java, .NET, Ruby, Node.js, and Python. Integration with various build tools is also provided.

Posted Aug 30, 2016.

Tweaking nginx for serving static content

For a recent project, we decided to use the nginx webserver as our primary web server. It is easy, relatively light-weight, and it seemed to suit our needs quite well. The project had a lot of static content - HTML, JavaScript, CSS and image files. Of course, we wanted to achieve a high performance with as many concurrent requests being served as possible. This is what we did.

Posted Mar 1, 2016.

Quickly count your code base

Often, the size of a code base is measured in terms of “source lines of code” (SLoC). If you’re interested in the size of your code base - or your client is - this metric provides a way to express that size. Of course, comments and the like are not considered to be code, so how to determine this metric? Using grep is tempting, but it quickly results in a very complex and hard-to-understand approach.

Posted Feb 3, 2016.

Easily upgrade Java dependencies

To start with a cliché: the Java ecosystem continues to develop at a high pace. Various open source frameworks release new versions, sometimes even multiple versions at the same time. This may quickly turn into a risk. But how to deal with it?

Posted Jan 20, 2016.