Generate a Secure Random Password in Java

Recently I had to generate a random password that met the password security requirements of AWS – 32 characters in length with 1 special character and 1 digit.

Turned out to be a simple enough thing to do in java.

String characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789~`!@#$%^&*()-_=+[{]}\\|;:\'\",<.>/?";
String password = RandomStringUtils.random(32, characters);

Just make sure you include the Apache Commons Lang

Source: Generate a Secure Random Password in Java with Minimum Special Character Requirements

Securing your ASP.NET Cookies

You might find from Pen Tests on your ASP.NET web applications that a common failure point is security around cookies over HTTPS.

Even if you force your application to use HTTPS some cookies such as the ASP.NET_SessionId cookie can still be accessed using HTTP.

A simple fix for this is in your Web.onfig file.

  <httpCookies httpOnlyCookies="true" requireSSL="true" />

Source: How to secure the ASP.NET_SessionId cookie?