Top tien web applicatie kwetsbaarheden in J2EE

Ontwikkelaars van web applicaties kunnen veel doen aan de beveiliging van hun applicaties. Java web applicaties zijn niet gevoelig voor buffer overflows, maar kunnen op een hoop andere manieren onveilig zijn. Dit is niet alleen aan te pakken door de J2EE security goed te configureren maar ook door het juist valideren van de input, het correct coderen van HTML output, het op de juiste manier opbouwen van SQL queries en ga zo maar door.
Het Open Web Application Security Project heeft de tien meest voorkomende security problemen in web applicaties gecatalogiseerd. In deze presentatie zullen we die (en eentje die de top tien niet gehaald heeft!) behandelen en aan de hand van voorbeelden laten zien hoe je deze problemen in Java aanpakt.

Download de presentatie (233 Kb)

Vincent Partington
XebiaLabs
Vincent Partington is a technology entrepreneur and an Internet industry veteran with over 15 years of experience. Vincent’s passion for technology began while studying computer science at the University of Amsterdam where Vincent was involved heavily in the then budding Internet scene in Amsterdam, working at the first free Internet service (De Digitale Stad) from 1995 onwards. After graduating in 1997, he continued his work in the Internet industry. He quickly stumbled upon what was later to become J2EE and delivered his first Enterprise Java application in 1998. After working in the Java EE space at different companies, Vincent Partington joined Xebia, in 2003. At Xebia, Vincent performed a whole range of assignments covering the spectrum of the activities of Xebia IT Architects: middleware architecture, automated build and deployment systems, performance tuning, security assessments, SOA architecture and numerous software audits. He has also taught a number of courses on Enterprise Java topics such as security and the Spring framework Seeing a need for standard Java EE deployment automation, Vincent Partington founded the startup XebiaLabs in the summer of 2008. After delivering the first version of the product to launching customer KLM, the product, Deployit, was extended to not only support WebSphere Application Server but a host of other middleware platforms including Oracle WebLogic Server, JBoss Application Server and Tomcat. As the Chief Technical Officer of XebiaLabs Vincent is involved in development of the product and research into new features and new directions for the product. Vincent Partington holds a masters degree in Computer Science from the University of Amsterdam in the Netherlands.

Eelco Klaver
E.Consulting
Eelco Klaver is sinds 2006 werkzaam als senior consultant bij E.Consulting, wat zich specialiseert in Enterprise Java consultancy en training. Hij houdt zich hier bezig met Enterprise Java architectuur, security workshops, software reviews en security audits. Eelco heeft ruim 11 jaar hands-on ervaring met het ontwikkelen van enterprise applicaties in Java en J2EE bij verschillende werkgevers en voor diverse grote opdrachtgevers. De laatste jaren heeft hij zich gespecialiseerd in de beveiligingsaspecten van op J2EE gebaseerde enterprise applicaties.

J-Fall 2005

Membership

NLJUG

NLJUG partners

Mediapartner

Top tien web applicatie kwetsbaarheden in J2EE


J-Fall 2005 - 12 oktober - De Reehorst- Ede Overzicht Programma Locatie Sessies Sprekers Resultaten evaluatie


Membership Membership provides members free access to the NLJUG workshops and events on a variety of Java topics, held across the country on a regular basis. Plus on a quarterly basis the Java Magazine published by Array Systems. The NLJUG is a member of a worldwide network of Java User Groups. Fill in the form to sign up.


NLJUG Founded in 1998, the Dutch Java Users Group consists of business partners, software developers, application architects, technical managers, students, and new media developers that have a common interest in all aspects of Java Technology.