InfoQ

Presentation

Establishing Your Organization's Enterprise Security API

Posted by Jeff Williams on Nov 05, 2008 10:54 AM

Community: Architecture, Java
Topics: Web Services, Security, Open Source, Design
Tags: QCon San Francisco 2007, QCon, API, Web services

Summary
Every organization should define a standard way for developers to perform common security-related actions: authenticating, access control, validation, encoding, encryption, logging, error handling, and more. In this talk, Jeff discusses the process of establishing a security API for your enterprise, focusing on the most critical methods needed by web application and web service developers.

Bio
Jeff Williams is the founder and CEO of Aspect Security and serves as the volunteer Chair of the Open Web Application Security Project, a free and open source organization dedicated to finding and fighting the causes of insecure software. Jeff has been writing code for 25 years, speaks frequently on application security, and has published numerous papers on practical risk and assurance techniques.

About the conference
QCon is a conference that is organized by the community, for the community. The result is a high-quality conference experience where a tremendous amount of attention and investment has gone into having the best content on the most important topics presented by the leaders in our community. QCon is designed with the technical depth and enterprise focus of interest to technical team leads, architects, and project managers.
