InfoQ Homepage Security Content on InfoQ
-
The Problem(s) with the Browser
Collin Jackson discusses ways to enforce browser session security against threats such as Cross-Site Request Forgery and various network attacks by using Local Storage and Strict Transport Security.
/presentations/Problems-with-the-Browser/en/smallimage/CollinJackson.JPG)
-
SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services
Jason Macy details the basic requirements for security testing and SOA gateway, attack examples and countermeasures to protect against SQL Injection, DoS, XSD Mutation, and Identity type of attacks.
/presentations/Attacking-Defending-Web-Services/en/smallimage/SOASymposium-Jason Macy.JPG)
-
Enterprise SOA Security
Dirk Krafzig presents general aspects of implementing SOA security using a token and role-based approach rather than session and application-based access to resources, including organizational issues.
/presentations/Enterprise-SOA-Security/en/smallimage/Dirk Krafzig.JPG)
-
Introduction to Spring Security 3/3.1
Mike Wiesner demoes using Spring Security 3 with its new features, such as expression language-based authorization and extensions, to implement authentication and authorization in Java applications.
/presentations/Spring-Security-3/en/smallimage/Mike Wiesner.JPG)
-
Architecting the Ultimate Control-Point-Advanced Cyber-Threat Mitigation
Blake Dournaee presents Intel’s Service Gateway, a security control point meant to secure on-premise and in the cloud .NET/Java-based web services from various security threats.
/presentations/Securing-Web-Services/en/smallimage/blake.JPG)
-
Does REST Need Middleware?
Bill Burke shows how to use REST to create interfaces to middleware services – messaging, transactions, workflow, security – in order to have RESTful enterprise SOA implementations.
/presentations/Does-REST-Need-Middleware/en/smallimage/burke.JPG)
-
Understanding SOA Security Patterns
Jason Hogg discusses web services security obtained through threat modeling based on security design patterns, and explaining a number of such patterns related to processes, services and SOA security.
/presentations/Understanding-SOA-Security-Patterns/en/smallimage/soa.JPG)
-
Risk, Lean Development & Profit: Getting Back to Basics
Robert N. Charette talks about challenging assumptions which leads to discovery and innovation, the relationship between risk and profit in Lean, and about the need to master risk management.
/presentations/Risk-Lean-Development-Profit/en/smallimage/charette.JPG)
-
SOA Governance: Where the Rubber Meets the Runtime
Harold van Aalst addresses SOA governance at runtime by having a tool capable of discovering when rules or policies are broken in order to be able to act on time to limit the potential damage.
/presentations/SOA-Governance-Development-Deployment-Runtime/en/smallimage/Harold van Aalst.jpg)
-
Security for the Services World
Chris Riley presents security issues threatening service based systems, examining security threats, presenting measures to reduce the risks, and mentioning available security frameworks.
/presentations/Security-for-the-Services-World/en/smallimage/ChrisRiley.jpg)
-
Working With Spring Web Flow
Keith Donald discusses controller modules, Ajax events, partial responses, security, data access, lazy-load exceptions, testing, flow design/implementation best practices, and deploying flows.
/presentations/donald-working-with-spring-web-flow/en/smallimage/KeithD.jpg)
-
Overview of the Spring 3.0 Web Stack
Keith Donald discusses the Spring 3.0 web stack, key features, demos of Spring MVC, REST support, automatic data conversion, data binding and validation, and the roadmap for the Spring web stack.
/presentations/donald-overview-spring-3.0-web-stack/en/smallimage/Keith.jpg)