J-Spring 2006

15 June - De Reehorst, Ede

Integrating security into the J2EE development process

Nowadays, more than 70% of the reported security vulnerabilities are caused by flaws in applications.
Security is one of the most important quality aspects of J2EE applications in particular, as J2EE
is typically used for public websites and back office processing. However, in most J2EE projects,
the implementation of security is postponed until the end of the project. This is partly caused by the
misconception that in J2EE, security can be declaratively added once the application is deployed.
Another important reason is that most projects are primarily focused on delivering functionality.
This presentation describes how to develop more secure applications by integrating security in the
J2EE development process. This is done by adding a number of security activities in each phase of
the project, starting in the requirements phase by analyzing the risks that should be mitigated and
ending after the application has been deployed in a secure environment.

Prerequisite knowledge:
* Basic understanding of application security
* Experience with developing J2EE applications

The presentation has the following outline:
* Introduction
* What is offered by J2EE security and what is not?
* Consequences and impact
* Adding security to the software development process
  - Requirements: risk analysis and security requirements
  - Design: threat modeling and design review
  - Coding: code analysis and security unit testing
  - Test: risk-based security testing
  - Deployment: penetration testing
* Conclusions
* Questions



Eelco Klaver 
E.Consulting
Eelco Klaver has worked since 2006 as a senior consultant at E.Consulting, which specializes in Enterprise Java consultancy and training. There he works on Enterprise Java architecture, security workshops, software reviews and security audits. Eelco has more than 11 years of hands-on experience developing enterprise applications in Java and J2EE at various employers and for a range of large clients. In recent years he has specialized in the security aspects of J2EE-based enterprise applications.