OWASP, an open and free organization focused on evaluating and improving software application security, has released the OWASP Top 10 Application Security Risks – 2010 RC1, a whitepaper documenting the top 10 web application security risks along with details on how threat agents can exploit these possible vulnerabilities, accompanied by examples and advice on how to avoid them.
Google proposes SPDY, a new application-layer protocol that runs on top of SSL and is intended to replace HTTP, which Google considers a source of latency. They have already built a prototype consisting of a web server and a modified Chrome browser that reportedly loads web pages up to twice as fast.
David Durham, manager of Intel's Security and Cryptography Research group, was recently interviewed on the subject of Internet and Computer Security. The interview covers a wide range of topics including the "monetization of malware," Cloud-based detection of malware, security of data stored in the Cloud, "Botnets in the Dark Cloud," and malware as a tool in geo-politics.
InfoQ's recent post on REST-*.org, which covered the announcement of REST-* and some of the community response to it, has drawn many responses. Changes have also been made to REST-*.org as a result of some of the feedback. InfoQ had a chance to interview Bill Burke, a lead for the REST-* initiative, to learn more.
In a recent blog entry Benjamin Carlyle discusses how he believes the current approach to MIME type management is a problem for greater REST adoption. He proposes a few alternatives but mentions that they do have their own problems as well.
In a presentation recorded at QCon San Francisco, ThoughtWorks' Ian Robinson explains how a RESTful HTTP approach can be applied in an enterprise project. He makes use of many of the techniques that make HTTP a powerful protocol, including caching and hypermedia, and uses standard formats such as Atom Syndication for event notification.
HTTP is one of the most successful protocols in the world, and more and more developers are using it to do more than drive HTML UIs. In this presentation, recorded at QCon San Francisco 2008, HTTPbis WG chair Mark Nottingham gives an update on the current status of the HTTP protocol in the wild, and the ongoing work to clarify the HTTP specification.
Planning reusability is hard, designing for unforeseen reuse might be even harder. In this QCon London 2008 talk, Steve Vinoski presents some of the barriers to reuse found in typical distributed systems development approaches, and discusses how REST not only helps overcome some of these barriers, but also leads to potentially significantly increased chances for achieving serendipitous reuse.
Grey Lens Man, a blogger who does not disclose his identity, posted an interesting piece about legacy problems plaguing the enterprise and proposes a new software stack as a viable solution: JOSH, short for JSON, OSGi, Scala and HTTP.
The ways to cache a web application are numerous and often complex. Beyond basic page caching, Rails 2.2 introduced conditional GET through the use of the HTTP validator headers, exposed in Rails as last_modified and etag. Implementing most of the caching section of the RFC 2616 Internet standard, Ryan Tomayko has released Rack::Cache.
Ruby's Net::HTTP has serious performance problems in the current version, 1.8.6, caused by some implementation details. Luckily, the implementations in both Ruby 1.8.7 and 1.9 perform much better.
After a little more than one and a half years, the Java platform gets its own API for building RESTful web services: JAX-RS, JSR 311. InfoQ had a chance to talk to spec leads Marc Hadley and Paul Sandoz.
Gavin Terrill explores one of the lesser-known facilities available to web developers, the humble "ETag" response header, and how to integrate its use into a Spring and Hibernate based web application to improve performance and scalability.
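The conditional GET mechanism behind both the Rails 2.2 validators and the ETag article above can be shown in a few dozen lines. The following is an added example written for this page, not code from Rails, Rack::Cache or Gavin Terrill's article: a Rack-style handler (a plain `call(env)` function, so it runs without the rack gem) that emits `ETag` and `Last-Modified` validators and evaluates `If-None-Match` and `If-Modified-Since` per RFC 2616. The resource store, the `/articles/1` path and the timestamp are constructed sample data. The ETag is derived from a digest of the representation bytes rather than from inode numbers, row ids or mtimes, so it changes exactly when the bytes change and leaks nothing about the backend.

```ruby
require 'digest'
require 'time'

# Constructed sample data for this example (not from the original page).
RESOURCES = {
  '/articles/1' => {
    body: '{"id":1,"title":"Conditional GET"}',
    last_modified: Time.utc(2009, 11, 5, 12, 0, 0)
  }
}

# Strong validator: a digest of the representation bytes, quoted as RFC 2616
# requires. Hashing the body means the tag changes only when the bytes change.
def etag_for(body)
  %("#{Digest::SHA256.hexdigest(body)[0, 32]}")
end

# Split an If-None-Match value into entity tags. A weak tag (W/"x") is
# compared on its opaque part only; "*" matches any current representation.
# Simplification: assumes no tag contains a comma.
def parse_if_none_match(value)
  value.split(',').map(&:strip).map { |t| t.sub(%r{\AW/}, '') }
end

def etag_matches?(header, current)
  return false if header.nil? || header.empty?
  tags = parse_if_none_match(header)
  tags.include?('*') || tags.include?(current)
end

# True when the client's cached copy is still current. If-None-Match takes
# precedence: when it is present and does not match, If-Modified-Since must
# be ignored (RFC 2616 14.26). An unparseable date is ignored as well.
def not_modified?(env, etag, last_modified)
  inm = env['HTTP_IF_NONE_MATCH']
  return etag_matches?(inm, etag) if inm
  ims = env['HTTP_IF_MODIFIED_SINCE']
  return false unless ims
  begin
    last_modified.to_i <= Time.httpdate(ims).to_i
  rescue ArgumentError
    false
  end
end

# Rack-compatible application: call(env) -> [status, headers, body].
def conditional_get_app(env)
  resource = RESOURCES[env['PATH_INFO']]
  return [404, { 'Content-Type' => 'text/plain' }, ['not found']] unless resource

  etag = etag_for(resource[:body])
  headers = {
    'ETag' => etag,
    'Last-Modified' => resource[:last_modified].httpdate,
    'Cache-Control' => 'private, max-age=0, must-revalidate'
  }
  if not_modified?(env, etag, resource[:last_modified])
    [304, headers, []] # validators are repeated, no body is sent
  else
    [200, headers.merge('Content-Type' => 'application/json'), [resource[:body]]]
  end
end

if __FILE__ == $PROGRAM_NAME
  first = conditional_get_app('PATH_INFO' => '/articles/1', 'REQUEST_METHOD' => 'GET')
  puts "first request: #{first[0]} ETag=#{first[1]['ETag']}"
  again = conditional_get_app('PATH_INFO' => '/articles/1', 'REQUEST_METHOD' => 'GET',
                              'HTTP_IF_NONE_MATCH' => first[1]['ETag'])
  puts "revalidation: #{again[0]}"
end
```

The `Cache-Control: private, must-revalidate` directive is deliberate: it lets the browser keep the representation but forces a revalidation round-trip, which is the safe default for per-user responses that must never be served from a shared cache to another user.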
JVM clustering vendor Terracotta has released Terracotta Sessions for Tomcat for free use. The product is based on their distributed shared objects (DSO) product, which uses a hub-and-spoke architecture and synchronizes changes across nodes at the field level instead of by serialization. The license allows projects with up to 4 nodes in their cluster to use it for free.
.NET and Java interop can be made really simple using a REST document-centric approach. This article compares REST and SOAP approaches to interop, as well as the advantages of using HTTP POST versus GET for REST invocations.