Security Content on InfoQ

  • Presentation: Operational Scalability in the Next Generation Web World

    In this presentation filmed during JAOO 2007, Wayne Fenton, Director of Architecture at eBay Inc., talks about the ways in which software architects can design systems for much-improved efficiency and reliability from an operational perspective.

  • Microsoft announces release of “Zermatt” Identity Framework

    Microsoft released a beta of “Zermatt”, an identity framework for developers using the .Net framework. The framework helps developers build claims-aware applications to address application security requirements using a simplified application access model.

  • Security Advisory Issued for Spring MVC

    A security advisory was issued today regarding two potential Spring MVC issues which may affect applications that have been implemented using Spring MVC, both of which deal with the server-side processing of client-side parameters. InfoQ analyzed this issue in detail and spoke with Ounce Labs, which identified these issues.

  • Google Releases Open Source Web Application Security Assessment Tool

    Google has announced the open source release of "ratproxy" - a passive web application security assessment tool.

  • Presentation: Security (CAS and OpenID) with Ruby

    In this presentation from QCon SF 2007, Justin Gehtland explains two open solutions to distributed identity and their Rails integration components: the OpenID system (using ruby-openid) and CAS (using rubycas-client).

  • Excelsior JET 6.4: Smaller, Faster, More Secure Java

    Since the beginning of time, Java applications have been battered with complaints about startup time, memory footprint, performance and security. Recently Sun started to address some of the issues by introducing the Consumer JRE. However, Excelsior JET is a product which provides its own spin on solving these problems.

  • Ruby interpreter vulnerabilities

    A few vulnerabilities were found in Ruby 1.8.x and 1.9.x that could potentially allow DoS attacks or allow attackers to execute arbitrary code. Patched versions of Ruby are already available.

  • OAuth Gaining Momentum

    OAuth, an open standard for access delegation, is gaining momentum with a number of implementations including one for Spring Security.

  • SpringSource's Ben Alex Details Emerging Standards in Application Security

    At the JavaOne 2008 conference, Ben Alex from SpringSource talked about emerging security requirements in enterprise applications. He discussed standards such as Servlet Security, JAAS, CAPTCHA, Single Sign-On and Federated Identity using OpenID technology. The presentation also covered standards for securing web services (WS-Security), JMS messaging and ESB.

  • Architecture of a $7 Billion Loss: Causes and Remedies

    PWC just released a report detailing the mechanisms that enabled a trader to mask a $75 B position. He was able to manipulate the state of a system by entering fake "technical" transactions used for simulations even though their amount was unusual, his role was not authorized to do so, and they were not later compensated. PWC also provided their recommendations to fix the systems and processes.

  • Presentation: Patterns for securing architectures

    Security is about trade-offs you make with your limited resources, often a problem when designing a system or an after-thought. Few have the expertise to design good security and most development teams have no security expert. In this talk, Peter Sommerlad focuses on Security Patterns for designing security in architectures, such as Role-based Access Control, Single Access Point, and Front Door.

  • Spring (Acegi) Security 2.0 Adds OpenID Support, REST Capabilities, and Performance Improvements

    Spring Security 2.0 has been released after almost two years of development. This new release replaces Acegi Security as the official security module for Spring applications and includes significant enhancements and new features.

  • Security for Services and Mashups

    Security has become a rising concern in most applications and systems today. Whether you are building small mashups, enterprise applications, or a platform for SOA, there are several issues and approaches that are being discussed. Erica Naone talked about dealing with security in the world of mashups recently while Bob Rhubart and David Garrison from BEA discussed securing the services you deploy.

  • OASIS Symposium: Composability within SOA

    OASIS is going to hold a 3-day symposium on the topic of "Composability within SOA" in Santa Clara, CA from April 28th to April 30th. Engineers and scientists from vendors and end-user companies will discuss topics including mashups, Service-Oriented Ajax, SCA, BPEL, SDO, BPM, Web Service Transactions, Data Security in SOA, SOA Reference Architecture...

  • Article: Securing a Grails Application with Acegi Security

    In this article, Fadi Shami gives a walkthrough of integrating the grails-acegi plugin with a sample Grails application. As part of this integration, there are three major components which are used – Groovy, Grails and Acegi Security.
