JavaZone 2010 - How to Defend Against the OWASP Top Ten Web Security Threats
When it comes to cross-cutting software concerns, we expect to have or build a common framework or utility to solve the problem. This concept is represented well in the Java world by the log4j framework, which abstracts the concern of logging: what is logged, where it is logged, and the management of logging. The one cross-cutting software concern that, for most applications, still seems to be handled piecemeal is security. Security concerns include certificate generation, SSL, protection from SQL injection, protection from XSS, and user authorization and authentication. Each of these separate concerns tends to have its own standards and libraries, leaving it as an exercise for the development team to cobble together a solution that covers multiple needs... until now: the Enterprise Security API toolkit from OWASP.
This session will look at a number of security concerns and at how the ESAPI library provides a unified solution for security, including authorization, authentication of services, encoding, encryption, and validation. It will discuss a number of issues that can be solved by standardizing on the open source Enterprise Security API.
Ken Sipe
Ken Sipe is a Technology Director with Perficient, Inc. (PRFT) in St. Louis, MO, USA, where he leads multiple teams in the development of enterprise solutions on both the Java and .Net platforms.
Ken was the founder of CodeMentor, where he was the Chief Architect and Mentor, leading clients in the execution of RUP and Agile methodologies in the delivery of software solutions.
Ken is passionate about technology and regularly speaks on topics of architecture and software development. He is a core speaker with NFJS and won the Rock Star award in 2009 at JavaOne, JavaZone and The Strange Loop.
