SlideShare ist ein Scribd-Unternehmen logo

ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS

elliando dias
elliando dias
Technologie
1 von 30
Downloaden Sie, um offline zu lesen
ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS Ben Alex, Principal Software Engineer TS-6348 Speaker’s logo here (optional)
Learn what's coming in enterprise application security, and how to achieve it easily today. 2008 JavaOneSM Conference | java.com.sun/javaone | 2
Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 3
Approaching AAAA Security considerations revolve around AAAA • Authentication: who are they? • Authorization: what can they do? • Accounting: what resources did they consume in doing it? • Auditing: what exactly did they do? Java™ Servlets and JAAS Third party products Build your own 2008 JavaOneSM Conference | java.com.sun/javaone | 4
Java™ Servlet Security Solid foundation provided by the Servlet API HttpServletRequest methods • boolean isUserInRole(String role) • String getRemoteUser() • Principal getUserPrincipal() Configured in web.xml • <security-constraint> • <login-config> • <security-role> Self registration requirements being considered in JSR 315 2008 JavaOneSM Conference | java.com.sun/javaone | 5
JAAS Java Authentication and Authorization Service (JAAS) Optional in Java™ 1.3, and included in SDK from Java™ 1.4 LoginContext CallbackHandler LoginModule Subject Principal Configured in policy files Many Java™ servers use JAAS 2008 JavaOneSM Conference | java.com.sun/javaone | 6
Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 7
What Are “Simple Requirements”? Login form Authentication against common backends Web URL authorization Determining who is logged in Programmatic authorization Logout mechanism Externalization of deployment configuration Transport-level protection Maintaining authentication scope during a session 2008 JavaOneSM Conference | java.com.sun/javaone | 8
Demonstration Software My demos today will use Spring Security 2 • Open source project from SpringSource, the company behind Spring • Formerly known as “Acegi Security”, and publicly available since 2003 Builds upon the Java™ platform • Integrates with Java™ Servlet Security container authentication • Integrates with JAAS login modules • External porting efforts underway to .Net, Python and other platforms Spring Security supports all technologies discussed today Widely used in global banking, defense, government etc 2008 JavaOneSM Conference | java.com.sun/javaone | 9
Implementing Simple Requirements (in 10 minutes or less) 2008 JavaOneSM Conference | java.com.sun/javaone | 10
Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 11
Component, State and Transition Security We're moving towards component-based web frameworks • For example, Java™ Server Faces • Reducing development time, and increasing modularity Spring Web Flow provides a JSF model and authorization of • States • Flows • Transitions Spring Web Flow unifies JSF and Spring Security 2008 JavaOneSM Conference | java.com.sun/javaone | 12
CAPTCHA Overview Completely Automated Public Test to tell Computers and Humans Apart Useful for mitigating denial of service and IP infringement Popular Java™ solutions include JCaptcha and reCAPTCHA Consider accessibility issues • http://tinyurl.com/3ypzck (Matt May, “Escape from Captcha”, 2004) Captchas are often machine decipherable • http://www.cs.sfu.ca/~mori/research/gimpy/ 2008 JavaOneSM Conference | java.com.sun/javaone | 13
Single Sign On and Federated Identity NTLM for Microsoft® Windows® intranet apps • Works with Mozilla® Firefox® and Microsoft® Internet Explorer® • Implement using Samba JCIFS JA-SIG Central Authentication Service (CAS) for intranet apps • Java™ (for both client and server, plus full Spring Security support) • Other clients include .Net, PHP, Perl, Apache etc OpenID for Internet apps • Sun®, IBM®, Microsoft®, Google®, Yahoo®, AOL®, Yahoo®, Blogger™ • Implement using OpenID4Java 2008 JavaOneSM Conference | java.com.sun/javaone | 14
Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 15
Protecting Methods Strongly recommended in preference to web authorization • Can still be used concurrently with web URL authorization Before a method invocation • Is the user authorized in view of the signature and arguments? After a method invocation • Was the user authorized in view of the returned object? • Should the returned object be modified in some manner? Typically used on the services or domain layer • Thus all client layers are secured (web, rich client, JMS etc) • Of course, proper encapsulation and layering should remain a priority 2008 JavaOneSM Conference | java.com.sun/javaone | 16
JSR 250 Method Security Metadata JSR 250: “Common Annotations for the Java™ Platform™” Annotate classes • @RunAs(“someRole”) • @RolesAllowed(“someRole”) • @PermitAll() • @DenyAll() • @DeclareRoles(“someRole”) Annotation interaction defined in JSR 250, Section 2.11 Spring Security supports JSR-250, plus @Secured, <protect- pointcut>, <protect-method> and custom strategies 2008 JavaOneSM Conference | java.com.sun/javaone | 17
Domain Access Control Domain access control considers • Who the user is • Which method they are invoking on which Java™ type • Which domain object instance they are invoking the method on Major considerations • Performance and normalization level of the ACL database • Appropriate tier to perform filtering (eg database-side or Java™) • Potential propagation of user identity from Java™ to database 2008 JavaOneSM Conference | java.com.sun/javaone | 18
Method Authorization 2008 JavaOneSM Conference | java.com.sun/javaone | 19
Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 20
Basic Authentication Great for RESTful paradigms and remote clients RFC 1945, Section 11.1 Stateless HTTP header based • Header name: “Authorization” • Header value: “Basic” + “ “ + Base64(username + “:” + password) • Some SSO solutions permit session tokens to be presented over Basic Recommended, but only if used with HTTPS • Consider Digest authentication if only HTTP is available • See RFC 2617 Section 4 for a comparison of Basic and Digest • Be aware of cross-site request forgery risks 2008 JavaOneSM Conference | java.com.sun/javaone | 21
WSS (formerly WS-Security) and REST POX WSS provides key security functionality for SOAP Use XWSS for Java™ WSS • Visit https://xwss.dev.java.net/ • XWSS version 2.0 implements OASIS WSS Specification 1.0 • XWSS version 3.0 implements OASIS WSS Specification 1.1 • Part of Project Metro (https://metro.dev.java.net/) and Glassfish™ Spring Web Services integrates XWSS and Spring Security Securing Plain Old XML using the RESTful paradigm • Option 1: Use HTTP Basic authentication • Option 2: Use XPath to extract username/password from XML payload 2008 JavaOneSM Conference | java.com.sun/javaone | 22
Securing JMS and ESBs JMS 1.1 does not provide message integrity or privacy • Refer to JMS 1.1 Specification (JSR 914) Section 2.7 • Implementations are expected to provide such features Destination authorization may be provided (eg ActiveMQ) • Read from destination; write to destination; admin destination ESBs may provide implementation-specific capabilities • Endpoint authorization; channel authorization; security translation Spring Integration addresses security in its Q2 2008 roadmap 2008 JavaOneSM Conference | java.com.sun/javaone | 23
Enterprise Connectivity 2008 JavaOneSM Conference | java.com.sun/javaone | 24
Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 25
Securing GWT GWT offers no authentication-specific features • Option 1: ServiceDefTarget.setServiceEndPoint(...) with jsessionid • Option 2: Establish a token, then present it as a cookie and in RPC calls Key considerations • Session and/or token timeout issues • How to robustly logout • Cross-site request forgery • Transition of existing server-side authentication to GWT client Useful GWT security advice • http://tinyurl.com/3akc6y (GWT wiki) offers GWT security advice • http://tinyurl.com/2ynd26 (GWT incubator) includes Spring Security 2008 JavaOneSM Conference | java.com.sun/javaone | 26
AJAX Clients and Web 2.0 2008 JavaOneSM Conference | java.com.sun/javaone | 27
Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity Remote Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 28
Enterprise Application Security Tips Use a proven security framework; don't roll your own Start simply, and add complexity incrementally Consider user registration requirements Plan for federated identity, particularly involving OpenID For in-house applications, consider NTLM and CAS Employ Captcha techniques to mitigate DoS attacks Favor method authorization over web authorization Annotations-based authorization metadata is quick and easy Very carefully consider any domain object instance security Prefer Basic authentication for RESTful, HTTPS interactions Leverage WSS for transport-independent SOAP 2008 JavaOneSM Conference | java.com.sun/javaone | 29
Ben Alex, Principal Software Engineer TS-6348 Speaker’s logo here (optional) 2008 JavaOneSM Conference | java.com.sun/javaone | 30

Empfohlen

Asec r01-resting-on-your-laurels-will-get-you-pwned
Asec r01-resting-on-your-laurels-will-get-you-pwnedAsec r01-resting-on-your-laurels-will-get-you-pwned
Asec r01-resting-on-your-laurels-will-get-you-pwnedDinis Cruz
 
Data power v7 update - Ravi Katikala
Data power v7 update - Ravi KatikalaData power v7 update - Ravi Katikala
Data power v7 update - Ravi Katikalafloridawusergroup
 
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?Tobias Koprowski
 
Microservice Architecture JavaCro 2015
Microservice Architecture JavaCro 2015Microservice Architecture JavaCro 2015
Microservice Architecture JavaCro 2015Nenad Pecanac
 
Why Security Teams should care about VMware
Why Security Teams should care about VMwareWhy Security Teams should care about VMware
Why Security Teams should care about VMwareJJDiGeronimo
 
Virtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesVirtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesJason Chan
 
What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)Rudy De Busscher
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld
 

Empfohlen

Asec r01-resting-on-your-laurels-will-get-you-pwned
Asec r01-resting-on-your-laurels-will-get-you-pwnedAsec r01-resting-on-your-laurels-will-get-you-pwned
Asec r01-resting-on-your-laurels-will-get-you-pwnedDinis Cruz
 
Data power v7 update - Ravi Katikala
Data power v7 update - Ravi KatikalaData power v7 update - Ravi Katikala
Data power v7 update - Ravi Katikalafloridawusergroup
 
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?Tobias Koprowski
 
Microservice Architecture JavaCro 2015
Microservice Architecture JavaCro 2015Microservice Architecture JavaCro 2015
Microservice Architecture JavaCro 2015Nenad Pecanac
 
Why Security Teams should care about VMware
Why Security Teams should care about VMwareWhy Security Teams should care about VMware
Why Security Teams should care about VMwareJJDiGeronimo
 
Virtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesVirtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesJason Chan
 
What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)Rudy De Busscher
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld
 
Java ee 8 + security overview
Java ee 8 + security overviewJava ee 8 + security overview
Java ee 8 + security overviewRudy De Busscher
 
VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX VMworld
 
Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoForgeRock
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZMarkus Eisele
 
Barracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantageBarracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantageINSPIRIT BRASIL
 
WSO2 Charon
WSO2 CharonWSO2 Charon
WSO2 CharonHasiniG
 
JavaCro'15 - Oracle Java Cloud Service Java PaaS - Duško Vukmanović
JavaCro'15 - Oracle Java Cloud Service Java PaaS - Duško VukmanovićJavaCro'15 - Oracle Java Cloud Service Java PaaS - Duško Vukmanović
JavaCro'15 - Oracle Java Cloud Service Java PaaS - Duško VukmanovićHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Security in practice with Java EE 6 and GlassFish
Security in practice with Java EE 6 and GlassFishSecurity in practice with Java EE 6 and GlassFish
Security in practice with Java EE 6 and GlassFishMarkus Eisele
 
How to avoid top 10 security risks in Java EE applications and how to avoid them
How to avoid top 10 security risks in Java EE applications and how to avoid themHow to avoid top 10 security risks in Java EE applications and how to avoid them
How to avoid top 10 security risks in Java EE applications and how to avoid themMasoud Kalali
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionalityvivekbhat
 
[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security Architectures[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security ArchitecturesOWASP
 
The Top 10 Things Oracle UCM Users Need To Know About WebLogic
The Top 10 Things Oracle UCM Users Need To Know About WebLogicThe Top 10 Things Oracle UCM Users Need To Know About WebLogic
The Top 10 Things Oracle UCM Users Need To Know About WebLogicBrian Huff
 
Java Security
Java SecurityJava Security
Java Securityelliando dias
 
vCenter Orchestrator APIs
vCenter Orchestrator APIsvCenter Orchestrator APIs
vCenter Orchestrator APIsPablo Roesch
 
Java Security Framework's
Java Security Framework'sJava Security Framework's
Java Security Framework'sMohammed Fazuluddin
 
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld
 
Scim overview
Scim overviewScim overview
Scim overviewMorteza Ansari
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld
 
Master IAM in the Cloud with SCIM v2.0
Master IAM in the Cloud with SCIM v2.0Master IAM in the Cloud with SCIM v2.0
Master IAM in the Cloud with SCIM v2.0Kelly Grizzle
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 
Coordenação de Informática - 2011
Coordenação de Informática - 2011Coordenação de Informática - 2011
Coordenação de Informática - 2011Aislan Rafael
 
Aula 01 - POO - Bem Vindo a Objetolândia!
Aula 01 - POO - Bem Vindo a Objetolândia!Aula 01 - POO - Bem Vindo a Objetolândia!
Aula 01 - POO - Bem Vindo a Objetolândia!Aislan Rafael
 

Weitere ähnliche Inhalte

Was ist angesagt?

Java ee 8 + security overview
Java ee 8 + security overviewJava ee 8 + security overview
Java ee 8 + security overviewRudy De Busscher
 
VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX VMworld
 
Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoForgeRock
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZMarkus Eisele
 
Barracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantageBarracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantageINSPIRIT BRASIL
 
WSO2 Charon
WSO2 CharonWSO2 Charon
WSO2 CharonHasiniG
 
Security in practice with Java EE 6 and GlassFish
Security in practice with Java EE 6 and GlassFishSecurity in practice with Java EE 6 and GlassFish
Security in practice with Java EE 6 and GlassFishMarkus Eisele
 
How to avoid top 10 security risks in Java EE applications and how to avoid them
How to avoid top 10 security risks in Java EE applications and how to avoid themHow to avoid top 10 security risks in Java EE applications and how to avoid them
How to avoid top 10 security risks in Java EE applications and how to avoid themMasoud Kalali
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionalityvivekbhat
 
[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security Architectures[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security ArchitecturesOWASP
 
The Top 10 Things Oracle UCM Users Need To Know About WebLogic
The Top 10 Things Oracle UCM Users Need To Know About WebLogicThe Top 10 Things Oracle UCM Users Need To Know About WebLogic
The Top 10 Things Oracle UCM Users Need To Know About WebLogicBrian Huff
 
vCenter Orchestrator APIs
vCenter Orchestrator APIsvCenter Orchestrator APIs
vCenter Orchestrator APIsPablo Roesch
 
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld
 
Master IAM in the Cloud with SCIM v2.0
Master IAM in the Cloud with SCIM v2.0Master IAM in the Cloud with SCIM v2.0
Master IAM in the Cloud with SCIM v2.0Kelly Grizzle
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 

Was ist angesagt? (20)

Java ee 8 + security overview
Java ee 8 + security overviewJava ee 8 + security overview
Java ee 8 + security overview
 
VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX
 
Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San Francisco
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZ
 
Barracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantageBarracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantage
 
WSO2 Charon
WSO2 CharonWSO2 Charon
WSO2 Charon
 
JavaCro'15 - Oracle Java Cloud Service Java PaaS - Duško Vukmanović
JavaCro'15 - Oracle Java Cloud Service Java PaaS - Duško VukmanovićJavaCro'15 - Oracle Java Cloud Service Java PaaS - Duško Vukmanović
JavaCro'15 - Oracle Java Cloud Service Java PaaS - Duško Vukmanović
 
Security in practice with Java EE 6 and GlassFish
Security in practice with Java EE 6 and GlassFishSecurity in practice with Java EE 6 and GlassFish
Security in practice with Java EE 6 and GlassFish
 
How to avoid top 10 security risks in Java EE applications and how to avoid them
How to avoid top 10 security risks in Java EE applications and how to avoid themHow to avoid top 10 security risks in Java EE applications and how to avoid them
How to avoid top 10 security risks in Java EE applications and how to avoid them
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionality
 
[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security Architectures[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security Architectures
 
The Top 10 Things Oracle UCM Users Need To Know About WebLogic
The Top 10 Things Oracle UCM Users Need To Know About WebLogicThe Top 10 Things Oracle UCM Users Need To Know About WebLogic
The Top 10 Things Oracle UCM Users Need To Know About WebLogic
 
Java Security
Java SecurityJava Security
Java Security
 
vCenter Orchestrator APIs
vCenter Orchestrator APIsvCenter Orchestrator APIs
vCenter Orchestrator APIs
 
Java Security Framework's
Java Security Framework'sJava Security Framework's
Java Security Framework's
 
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
 
Scim overview
Scim overviewScim overview
Scim overview
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
 
Master IAM in the Cloud with SCIM v2.0
Master IAM in the Cloud with SCIM v2.0Master IAM in the Cloud with SCIM v2.0
Master IAM in the Cloud with SCIM v2.0
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)
 

Andere mochten auch

Coordenação de Informática - 2011
Coordenação de Informática - 2011Coordenação de Informática - 2011
Coordenação de Informática - 2011Aislan Rafael
 
Aula 01 - POO - Bem Vindo a Objetolândia!
Aula 01 - POO - Bem Vindo a Objetolândia!Aula 01 - POO - Bem Vindo a Objetolândia!
Aula 01 - POO - Bem Vindo a Objetolândia!Aislan Rafael
 
Tratamento de exceções com PHP
Tratamento de exceções com PHPTratamento de exceções com PHP
Tratamento de exceções com PHPLeonardo Soares
 
Aula 02 POO - Meu Primeiro Código
Aula 02 POO - Meu Primeiro CódigoAula 02 POO - Meu Primeiro Código
Aula 02 POO - Meu Primeiro CódigoAislan Rafael
 
Aula 03 - POO - Um pouco mais sobre variáveis
Aula 03 - POO - Um pouco mais sobre variáveisAula 03 - POO - Um pouco mais sobre variáveis
Aula 03 - POO - Um pouco mais sobre variáveisAislan Rafael
 
Aula 04 - POO - Estruturas de Controle e Repetição
Aula 04 - POO - Estruturas de Controle e Repetição Aula 04 - POO - Estruturas de Controle e Repetição
Aula 04 - POO - Estruturas de Controle e Repetição Aislan Rafael
 
Banco de dadados MySQL com PHP
Banco de dadados MySQL com PHPBanco de dadados MySQL com PHP
Banco de dadados MySQL com PHPLeonardo Soares
 
PHP 5.3 - Classes e Objetos
PHP 5.3 - Classes e ObjetosPHP 5.3 - Classes e Objetos
PHP 5.3 - Classes e ObjetosGeorge Mendonça
 
Programação Orientada a Objetos (POO) com PHP - Parte 1
Programação Orientada a Objetos (POO) com PHP - Parte 1Programação Orientada a Objetos (POO) com PHP - Parte 1
Programação Orientada a Objetos (POO) com PHP - Parte 1Israel Messias
 
Programação Orientada a Objetos (POO) com PHP - Parte 2
Programação Orientada a Objetos (POO) com PHP - Parte 2Programação Orientada a Objetos (POO) com PHP - Parte 2
Programação Orientada a Objetos (POO) com PHP - Parte 2Israel Messias
 
Concurso de Pitch - EDIFPI
Concurso de Pitch - EDIFPIConcurso de Pitch - EDIFPI
Concurso de Pitch - EDIFPIAislan Rafael
 
Hackeando sua aplicaçao php na pratica
Hackeando sua aplicaçao php na pratica Hackeando sua aplicaçao php na pratica
Hackeando sua aplicaçao php na pratica Cyrille Grandval
 
Curso Desenvolvimento WEB com PHP - PHP (parte 1)
Curso Desenvolvimento WEB com PHP - PHP (parte 1)Curso Desenvolvimento WEB com PHP - PHP (parte 1)
Curso Desenvolvimento WEB com PHP - PHP (parte 1)Willian Magalhães
 
Desenvolvimento web: PHP orientado a objetos
Desenvolvimento web: PHP orientado a objetosDesenvolvimento web: PHP orientado a objetos
Desenvolvimento web: PHP orientado a objetosLucas Vegi
 
Uma Abordagem Prática de Orientação a Objetos com PHP (FLISOL DF 2011)
Uma Abordagem Prática de Orientação a Objetos com PHP (FLISOL DF 2011)Uma Abordagem Prática de Orientação a Objetos com PHP (FLISOL DF 2011)
Uma Abordagem Prática de Orientação a Objetos com PHP (FLISOL DF 2011)George Mendonça
 
CURSO DE PHP PARA INICIANTES - AULA 1
CURSO DE PHP PARA INICIANTES - AULA 1CURSO DE PHP PARA INICIANTES - AULA 1
CURSO DE PHP PARA INICIANTES - AULA 1Norivan Oliveira
 

Andere mochten auch (19)

Coordenação de Informática - 2011
Coordenação de Informática - 2011Coordenação de Informática - 2011
Coordenação de Informática - 2011
 
Aula 01 - POO - Bem Vindo a Objetolândia!
Aula 01 - POO - Bem Vindo a Objetolândia!Aula 01 - POO - Bem Vindo a Objetolândia!
Aula 01 - POO - Bem Vindo a Objetolândia!
 
Tratamento de exceções com PHP
Tratamento de exceções com PHPTratamento de exceções com PHP
Tratamento de exceções com PHP
 
Aula 02 POO - Meu Primeiro Código
Aula 02 POO - Meu Primeiro CódigoAula 02 POO - Meu Primeiro Código
Aula 02 POO - Meu Primeiro Código
 
Ferramentas Case E Oo
Ferramentas Case E OoFerramentas Case E Oo
Ferramentas Case E Oo
 
Aula 03 - POO - Um pouco mais sobre variáveis
Aula 03 - POO - Um pouco mais sobre variáveisAula 03 - POO - Um pouco mais sobre variáveis
Aula 03 - POO - Um pouco mais sobre variáveis
 
Aula 04 - POO - Estruturas de Controle e Repetição
Aula 04 - POO - Estruturas de Controle e Repetição Aula 04 - POO - Estruturas de Controle e Repetição
Aula 04 - POO - Estruturas de Controle e Repetição
 
Banco de dadados MySQL com PHP
Banco de dadados MySQL com PHPBanco de dadados MySQL com PHP
Banco de dadados MySQL com PHP
 
PHP 5.3 - Classes e Objetos
PHP 5.3 - Classes e ObjetosPHP 5.3 - Classes e Objetos
PHP 5.3 - Classes e Objetos
 
Design Patterns com PHP
Design Patterns com PHPDesign Patterns com PHP
Design Patterns com PHP
 
Programação Orientada a Objetos (POO) com PHP - Parte 1
Programação Orientada a Objetos (POO) com PHP - Parte 1Programação Orientada a Objetos (POO) com PHP - Parte 1
Programação Orientada a Objetos (POO) com PHP - Parte 1
 
Programação Orientada a Objetos (POO) com PHP - Parte 2
Programação Orientada a Objetos (POO) com PHP - Parte 2Programação Orientada a Objetos (POO) com PHP - Parte 2
Programação Orientada a Objetos (POO) com PHP - Parte 2
 
Aplicando SOLID com PHP7
Aplicando SOLID com PHP7Aplicando SOLID com PHP7
Aplicando SOLID com PHP7
 
Concurso de Pitch - EDIFPI
Concurso de Pitch - EDIFPIConcurso de Pitch - EDIFPI
Concurso de Pitch - EDIFPI
 
Hackeando sua aplicaçao php na pratica
Hackeando sua aplicaçao php na pratica Hackeando sua aplicaçao php na pratica
Hackeando sua aplicaçao php na pratica
 
Curso Desenvolvimento WEB com PHP - PHP (parte 1)
Curso Desenvolvimento WEB com PHP - PHP (parte 1)Curso Desenvolvimento WEB com PHP - PHP (parte 1)
Curso Desenvolvimento WEB com PHP - PHP (parte 1)
 
Desenvolvimento web: PHP orientado a objetos
Desenvolvimento web: PHP orientado a objetosDesenvolvimento web: PHP orientado a objetos
Desenvolvimento web: PHP orientado a objetos
 
Uma Abordagem Prática de Orientação a Objetos com PHP (FLISOL DF 2011)
Uma Abordagem Prática de Orientação a Objetos com PHP (FLISOL DF 2011)Uma Abordagem Prática de Orientação a Objetos com PHP (FLISOL DF 2011)
Uma Abordagem Prática de Orientação a Objetos com PHP (FLISOL DF 2011)
 
CURSO DE PHP PARA INICIANTES - AULA 1
CURSO DE PHP PARA INICIANTES - AULA 1CURSO DE PHP PARA INICIANTES - AULA 1
CURSO DE PHP PARA INICIANTES - AULA 1
 

Ähnlich wie ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS

Framework adoption for java enterprise application development
Framework adoption for java enterprise application developmentFramework adoption for java enterprise application development
Framework adoption for java enterprise application developmentClarence Ho
 
Session 41 - Struts 2 Introduction
Session 41 - Struts 2 IntroductionSession 41 - Struts 2 Introduction
Session 41 - Struts 2 IntroductionPawanMM
 
Struts 2 - Introduction
Struts 2 - Introduction Struts 2 - Introduction
Struts 2 - Introduction Hitesh-Java
 
Cloud compiler - Minor Project by students of CBPGEC
Cloud compiler - Minor Project by students of CBPGEC Cloud compiler - Minor Project by students of CBPGEC
Cloud compiler - Minor Project by students of CBPGEC vipin kumar
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-Onelliando dias
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onCraig Dickson
 
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...Juarez Junior
 
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...Juarez Junior
 
Datasheet weblogicpluginforrd
Datasheet weblogicpluginforrdDatasheet weblogicpluginforrd
Datasheet weblogicpluginforrdMidVision
 
Java EE 與 雲端運算的展望
Java EE 與 雲端運算的展望 Java EE 與 雲端運算的展望
Java EE 與 雲端運算的展望 javatwo2011
 
JavaOne Conference, 2008
JavaOne Conference, 2008JavaOne Conference, 2008
JavaOne Conference, 2008Sean Dawson
 
SPEC INDIA Java Case Study
SPEC INDIA Java Case StudySPEC INDIA Java Case Study
SPEC INDIA Java Case StudySPEC INDIA
 
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONSMarkus Eisele
 
InterConnect 2016 Java EE 7 Overview (PEJ-5296)
InterConnect 2016 Java EE 7 Overview (PEJ-5296)InterConnect 2016 Java EE 7 Overview (PEJ-5296)
InterConnect 2016 Java EE 7 Overview (PEJ-5296)Kevin Sutter
 
Glassfish JEE Server Administration - JEE Introduction
Glassfish JEE Server Administration - JEE IntroductionGlassfish JEE Server Administration - JEE Introduction
Glassfish JEE Server Administration - JEE IntroductionDanairat Thanabodithammachari
 
Micronaut Deep Dive - Devoxx Belgium 2019
Micronaut Deep Dive - Devoxx Belgium 2019Micronaut Deep Dive - Devoxx Belgium 2019
Micronaut Deep Dive - Devoxx Belgium 2019graemerocher
 
Java EE8 - by Kito Mann
Java EE8 - by Kito Mann Java EE8 - by Kito Mann
Java EE8 - by Kito Mann Kile Niklawski
 

Ähnlich wie ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS (20)

Framework adoption for java enterprise application development
Framework adoption for java enterprise application developmentFramework adoption for java enterprise application development
Framework adoption for java enterprise application development
 
Session 41 - Struts 2 Introduction
Session 41 - Struts 2 IntroductionSession 41 - Struts 2 Introduction
Session 41 - Struts 2 Introduction
 
Struts 2 - Introduction
Struts 2 - Introduction Struts 2 - Introduction
Struts 2 - Introduction
 
Iplanet
IplanetIplanet
Iplanet
 
TS-5358
TS-5358TS-5358
TS-5358
 
TS-5358
TS-5358TS-5358
TS-5358
 
Cloud compiler - Minor Project by students of CBPGEC
Cloud compiler - Minor Project by students of CBPGEC Cloud compiler - Minor Project by students of CBPGEC
Cloud compiler - Minor Project by students of CBPGEC
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
 
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
 
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
 
Datasheet weblogicpluginforrd
Datasheet weblogicpluginforrdDatasheet weblogicpluginforrd
Datasheet weblogicpluginforrd
 
Java EE 與 雲端運算的展望
Java EE 與 雲端運算的展望 Java EE 與 雲端運算的展望
Java EE 與 雲端運算的展望
 
JavaOne Conference, 2008
JavaOne Conference, 2008JavaOne Conference, 2008
JavaOne Conference, 2008
 
SPEC INDIA Java Case Study
SPEC INDIA Java Case StudySPEC INDIA Java Case Study
SPEC INDIA Java Case Study
 
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
 
InterConnect 2016 Java EE 7 Overview (PEJ-5296)
InterConnect 2016 Java EE 7 Overview (PEJ-5296)InterConnect 2016 Java EE 7 Overview (PEJ-5296)
InterConnect 2016 Java EE 7 Overview (PEJ-5296)
 
Glassfish JEE Server Administration - JEE Introduction
Glassfish JEE Server Administration - JEE IntroductionGlassfish JEE Server Administration - JEE Introduction
Glassfish JEE Server Administration - JEE Introduction
 
Micronaut Deep Dive - Devoxx Belgium 2019
Micronaut Deep Dive - Devoxx Belgium 2019Micronaut Deep Dive - Devoxx Belgium 2019
Micronaut Deep Dive - Devoxx Belgium 2019
 
Java EE8 - by Kito Mann
Java EE8 - by Kito Mann Java EE8 - by Kito Mann
Java EE8 - by Kito Mann
 

Mehr von elliando dias

Clojurescript slides
Clojurescript slidesClojurescript slides
Clojurescript slideselliando dias
 
Why you should be excited about ClojureScript
Why you should be excited about ClojureScriptWhy you should be excited about ClojureScript
Why you should be excited about ClojureScriptelliando dias
 
Functional Programming with Immutable Data Structures
Functional Programming with Immutable Data StructuresFunctional Programming with Immutable Data Structures
Functional Programming with Immutable Data Structureselliando dias
 
Nomenclatura e peças de container
Nomenclatura e peças de containerNomenclatura e peças de container
Nomenclatura e peças de containerelliando dias
 
Polyglot and Poly-paradigm Programming for Better Agility
Polyglot and Poly-paradigm Programming for Better AgilityPolyglot and Poly-paradigm Programming for Better Agility
Polyglot and Poly-paradigm Programming for Better Agilityelliando dias
 
Javascript Libraries
Javascript LibrariesJavascript Libraries
Javascript Librarieselliando dias
 
How to Make an Eight Bit Computer and Save the World!
How to Make an Eight Bit Computer and Save the World!How to Make an Eight Bit Computer and Save the World!
How to Make an Eight Bit Computer and Save the World!elliando dias
 
A Practical Guide to Connecting Hardware to the Web
A Practical Guide to Connecting Hardware to the WebA Practical Guide to Connecting Hardware to the Web
A Practical Guide to Connecting Hardware to the Webelliando dias
 
Introdução ao Arduino
Introdução ao ArduinoIntrodução ao Arduino
Introdução ao Arduinoelliando dias
 
Incanter Data Sorcery
Incanter Data SorceryIncanter Data Sorcery
Incanter Data Sorceryelliando dias
 
Fab.in.a.box - Fab Academy: Machine Design
Fab.in.a.box - Fab Academy: Machine DesignFab.in.a.box - Fab Academy: Machine Design
Fab.in.a.box - Fab Academy: Machine Designelliando dias
 
The Digital Revolution: Machines that makes
The Digital Revolution: Machines that makesThe Digital Revolution: Machines that makes
The Digital Revolution: Machines that makeselliando dias
 
Hadoop - Simple. Scalable.
Hadoop - Simple. Scalable.Hadoop - Simple. Scalable.
Hadoop - Simple. Scalable.elliando dias
 
Hadoop and Hive Development at Facebook
Hadoop and Hive Development at FacebookHadoop and Hive Development at Facebook
Hadoop and Hive Development at Facebookelliando dias
 
Multi-core Parallelization in Clojure - a Case Study
Multi-core Parallelization in Clojure - a Case StudyMulti-core Parallelization in Clojure - a Case Study
Multi-core Parallelization in Clojure - a Case Studyelliando dias
 

Mehr von elliando dias (20)

Clojurescript slides
Clojurescript slidesClojurescript slides
Clojurescript slides
 
Why you should be excited about ClojureScript
Why you should be excited about ClojureScriptWhy you should be excited about ClojureScript
Why you should be excited about ClojureScript
 
Functional Programming with Immutable Data Structures
Functional Programming with Immutable Data StructuresFunctional Programming with Immutable Data Structures
Functional Programming with Immutable Data Structures
 
Nomenclatura e peças de container
Nomenclatura e peças de containerNomenclatura e peças de container
Nomenclatura e peças de container
 
Geometria Projetiva
Geometria ProjetivaGeometria Projetiva
Geometria Projetiva
 
Polyglot and Poly-paradigm Programming for Better Agility
Polyglot and Poly-paradigm Programming for Better AgilityPolyglot and Poly-paradigm Programming for Better Agility
Polyglot and Poly-paradigm Programming for Better Agility
 
Javascript Libraries
Javascript LibrariesJavascript Libraries
Javascript Libraries
 
How to Make an Eight Bit Computer and Save the World!
How to Make an Eight Bit Computer and Save the World!How to Make an Eight Bit Computer and Save the World!
How to Make an Eight Bit Computer and Save the World!
 
Ragel talk
Ragel talkRagel talk
Ragel talk
 
A Practical Guide to Connecting Hardware to the Web
A Practical Guide to Connecting Hardware to the WebA Practical Guide to Connecting Hardware to the Web
A Practical Guide to Connecting Hardware to the Web
 
Introdução ao Arduino
Introdução ao ArduinoIntrodução ao Arduino
Introdução ao Arduino
 
Minicurso arduino
Minicurso arduinoMinicurso arduino
Minicurso arduino
 
Incanter Data Sorcery
Incanter Data SorceryIncanter Data Sorcery
Incanter Data Sorcery
 
Rango
RangoRango
Rango
 
Fab.in.a.box - Fab Academy: Machine Design
Fab.in.a.box - Fab Academy: Machine DesignFab.in.a.box - Fab Academy: Machine Design
Fab.in.a.box - Fab Academy: Machine Design
 
The Digital Revolution: Machines that makes
The Digital Revolution: Machines that makesThe Digital Revolution: Machines that makes
The Digital Revolution: Machines that makes
 
Hadoop + Clojure
Hadoop + ClojureHadoop + Clojure
Hadoop + Clojure
 
Hadoop - Simple. Scalable.
Hadoop - Simple. Scalable.Hadoop - Simple. Scalable.
Hadoop - Simple. Scalable.
 
Hadoop and Hive Development at Facebook
Hadoop and Hive Development at FacebookHadoop and Hive Development at Facebook
Hadoop and Hive Development at Facebook
 
Multi-core Parallelization in Clojure - a Case Study
Multi-core Parallelization in Clojure - a Case StudyMulti-core Parallelization in Clojure - a Case Study
Multi-core Parallelization in Clojure - a Case Study
 

Kürzlich hochgeladen

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Kürzlich hochgeladen (20)

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS

  • 1. ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS Ben Alex, Principal Software Engineer TS-6348 Speaker’s logo here (optional)
  • 2. Learn what's coming in enterprise application security, and how to achieve it easily today. 2008 JavaOneSM Conference | java.com.sun/javaone | 2
  • 3. Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 3
  • 4. Approaching AAAA Security considerations revolve around AAAA • Authentication: who are they? • Authorization: what can they do? • Accounting: what resources did they consume in doing it? • Auditing: what exactly did they do? Java™ Servlets and JAAS Third party products Build your own 2008 JavaOneSM Conference | java.com.sun/javaone | 4
  • 5. Java™ Servlet Security Solid foundation provided by the Servlet API HttpServletRequest methods • boolean isUserInRole(String role) • String getRemoteUser() • Principal getUserPrincipal() Configured in web.xml • <security-constraint> • <login-config> • <security-role> Self registration requirements being considered in JSR 315 2008 JavaOneSM Conference | java.com.sun/javaone | 5
  • 6. JAAS Java Authentication and Authorization Service (JAAS) Optional in Java™ 1.3, and included in SDK from Java™ 1.4 LoginContext CallbackHandler LoginModule Subject Principal Configured in policy files Many Java™ servers use JAAS 2008 JavaOneSM Conference | java.com.sun/javaone | 6
  • 7. Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 7
  • 8. What Are “Simple Requirements”? Login form Authentication against common backends Web URL authorization Determining who is logged in Programmatic authorization Logout mechanism Externalization of deployment configuration Transport-level protection Maintaining authentication scope during a session 2008 JavaOneSM Conference | java.com.sun/javaone | 8
  • 9. Demonstration Software My demos today will use Spring Security 2 • Open source project from SpringSource, the company behind Spring • Formerly known as “Acegi Security”, and publicly available since 2003 Builds upon the Java™ platform • Integrates with Java™ Servlet Security container authentication • Integrates with JAAS login modules • External porting efforts underway to .Net, Python and other platforms Spring Security supports all technologies discussed today Widely used in global banking, defense, government etc 2008 JavaOneSM Conference | java.com.sun/javaone | 9
  • 10. Implementing Simple Requirements (in 10 minutes or less) 2008 JavaOneSM Conference | java.com.sun/javaone | 10
  • 11. Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 11
  • 12. Component, State and Transition Security We're moving towards component-based web frameworks • For example, Java™ Server Faces • Reducing development time, and increasing modularity Spring Web Flow provides a JSF model and authorization of • States • Flows • Transitions Spring Web Flow unifies JSF and Spring Security 2008 JavaOneSM Conference | java.com.sun/javaone | 12
  • 13. CAPTCHA Overview Completely Automated Public Test to tell Computers and Humans Apart Useful for mitigating denial of service and IP infringement Popular Java™ solutions include JCaptcha and reCAPTCHA Consider accessibility issues • http://tinyurl.com/3ypzck (Matt May, “Escape from Captcha”, 2004) Captchas are often machine decipherable • http://www.cs.sfu.ca/~mori/research/gimpy/ 2008 JavaOneSM Conference | java.com.sun/javaone | 13
  • 14. Single Sign On and Federated Identity NTLM for Microsoft® Windows® intranet apps • Works with Mozilla® Firefox® and Microsoft® Internet Explorer® • Implement using Samba JCIFS JA-SIG Central Authentication Service (CAS) for intranet apps • Java™ (for both client and server, plus full Spring Security support) • Other clients include .Net, PHP, Perl, Apache etc OpenID for Internet apps • Sun®, IBM®, Microsoft®, Google®, Yahoo®, AOL®, Yahoo®, Blogger™ • Implement using OpenID4Java 2008 JavaOneSM Conference | java.com.sun/javaone | 14
  • 15. Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 15
  • 16. Protecting Methods Strongly recommended in preference to web authorization • Can still be used concurrently with web URL authorization Before a method invocation • Is the user authorized in view of the signature and arguments? After a method invocation • Was the user authorized in view of the returned object? • Should the returned object be modified in some manner? Typically used on the services or domain layer • Thus all client layers are secured (web, rich client, JMS etc) • Of course, proper encapsulation and layering should remain a priority 2008 JavaOneSM Conference | java.com.sun/javaone | 16
  • 17. JSR 250 Method Security Metadata JSR 250: “Common Annotations for the Java™ Platform™” Annotate classes • @RunAs(“someRole”) • @RolesAllowed(“someRole”) • @PermitAll() • @DenyAll() • @DeclareRoles(“someRole”) Annotation interaction defined in JSR 250, Section 2.11 Spring Security supports JSR-250, plus @Secured, <protect- pointcut>, <protect-method> and custom strategies 2008 JavaOneSM Conference | java.com.sun/javaone | 17
  • 18. Domain Access Control Domain access control considers • Who the user is • Which method they are invoking on which Java™ type • Which domain object instance they are invoking the method on Major considerations • Performance and normalization level of the ACL database • Appropriate tier to perform filtering (eg database-side or Java™) • Potential propagation of user identity from Java™ to database 2008 JavaOneSM Conference | java.com.sun/javaone | 18
  • 19. Method Authorization 2008 JavaOneSM Conference | java.com.sun/javaone | 19
  • 20. Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 20
  • 21. Basic Authentication Great for RESTful paradigms and remote clients RFC 1945, Section 11.1 Stateless HTTP header based • Header name: “Authorization” • Header value: “Basic” + “ “ + Base64(username + “:” + password) • Some SSO solutions permit session tokens to be presented over Basic Recommended, but only if used with HTTPS • Consider Digest authentication if only HTTP is available • See RFC 2617 Section 4 for a comparison of Basic and Digest • Be aware of cross-site request forgery risks 2008 JavaOneSM Conference | java.com.sun/javaone | 21
  • 22. WSS (formerly WS-Security) and REST POX WSS provides key security functionality for SOAP Use XWSS for Java™ WSS • Visit https://xwss.dev.java.net/ • XWSS version 2.0 implements OASIS WSS Specification 1.0 • XWSS version 3.0 implements OASIS WSS Specification 1.1 • Part of Project Metro (https://metro.dev.java.net/) and Glassfish™ Spring Web Services integrates XWSS and Spring Security Securing Plain Old XML using the RESTful paradigm • Option 1: Use HTTP Basic authentication • Option 2: Use XPath to extract username/password from XML payload 2008 JavaOneSM Conference | java.com.sun/javaone | 22
  • 23. Securing JMS and ESBs JMS 1.1 does not provide message integrity or privacy • Refer to JMS 1.1 Specification (JSR 914) Section 2.7 • Implementations are expected to provide such features Destination authorization may be provided (eg ActiveMQ) • Read from destination; write to destination; admin destination ESBs may provide implementation-specific capabilities • Endpoint authorization; channel authorization; security translation Spring Integration addresses security in its Q2 2008 roadmap 2008 JavaOneSM Conference | java.com.sun/javaone | 23
  • 24. Enterprise Connectivity 2008 JavaOneSM Conference | java.com.sun/javaone | 24
  • 25. Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity AJAX Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 25
  • 26. Securing GWT GWT offers no authentication-specific features • Option 1: ServiceDefTarget.setServiceEndPoint(...) with jsessionid • Option 2: Establish a token, then present it as a cookie and in RPC calls Key considerations • Session and/or token timeout issues • How to robustly logout • Cross-site request forgery • Transition of existing server-side authentication to GWT client Useful GWT security advice • http://tinyurl.com/3akc6y (GWT wiki) offers GWT security advice • http://tinyurl.com/2ynd26 (GWT incubator) includes Spring Security 2008 JavaOneSM Conference | java.com.sun/javaone | 26
  • 27. AJAX Clients and Web 2.0 2008 JavaOneSM Conference | java.com.sun/javaone | 27
  • 28. Agenda A Quick Landscape Review Simple Web Application Security Beyond Simple Web Application Security Adding Method Authorization Enterprise Connectivity Remote Clients and Web 2.0 Final Thoughts 2008 JavaOneSM Conference | java.com.sun/javaone | 28
  • 29. Enterprise Application Security Tips Use a proven security framework; don't roll your own Start simply, and add complexity incrementally Consider user registration requirements Plan for federated identity, particularly involving OpenID For in-house applications, consider NTLM and CAS Employ Captcha techniques to mitigate DoS attacks Favor method authorization over web authorization Annotations-based authorization metadata is quick and easy Very carefully consider any domain object instance security Prefer Basic authentication for RESTful, HTTPS interactions Leverage WSS for transport-independent SOAP 2008 JavaOneSM Conference | java.com.sun/javaone | 29
  • 30. Ben Alex, Principal Software Engineer TS-6348 Speaker’s logo here (optional) 2008 JavaOneSM Conference | java.com.sun/javaone | 30