J2EE Technology Main: Security
Articles:
- SSO and Identity Management by Justen Stepka
  As web applications have grown over the years to support various business processes, these applications have expanded the number of users, groups and roles that need to be managed by administrators. With most of these applications, administration functions are controlled by a small subset of internal users that have permissions to access additional functionality, where they become the gatekeeper for the security information and application deployment attributes. The administration burden grows with the number of these systems deployed. This is where single sign-on (SSO) and identity management can reduce the overall administration work when managing user information such as passwords, attributes, group and role memberships in a centralized user repository.
  http://www.theserverside.com/articles/article.tss?l=SSOIdentityManagement - Dec, 2005
- Build extra secure Web applications by Derek Fong
  Developers constantly fight the problems associated with action and data tampering in Web applications. This article provides a framework to secure these vulnerabilities. You can embed this framework, which offers a logical security design, in common presentation frameworks, such as Struts.
  http://www-128.ibm.com/developerworks/web/library/wa-wapprotect/ - Nov, 2005
- Handling Java Web Application Input, Part 2 by Stephen Enright
  This is the second article in a series on handling Java web application input. In part one, I talked about validation best practices and SQL injection attacks. In this article, I will continue the theme, and in particular will talk about the threat of cross-site scripting, as well as looking at correctly handling exceptions in J2EE web applications.
  http://today.java.net/pub/a/today/2005/09/20/handling-web-app-input.html - Sep, 2005
- Handling Java Web Application Input, Part 1 by Stephen Enright
  The purpose of this series of articles is to explain common security vulnerabilities associated with application input. This series emphasizes the importance of handling application input correctly. Although the topics covered are nothing new, they are critical to ensuring the security of an application. This series is aimed at practitioners interested in planning, designing, implementing, and maintaining software systems who are unaware of such issues. In this article, part one in the series, we will look at some validation best practices, along with SQL injection attacks. In later articles, we will look at other common attacks; in particular, part two will deal with cross-site scripting attacks and error-handling techniques.
  http://today.java.net/pub/a/today/2005/09/08/handling-java-web-app-input.html - Sep, 2005
- Writing Secure Enterprise Applications by Neil Smithline
  This article discusses several common programming flaws that can lead to insecure Web sites, including password vulnerabilities, cross-site scripting vulnerabilities, insecure storage vulnerabilities, and denial-of-service vulnerabilities. For each vulnerability we will provide a summary, an example of typical attacks, an account of real-life attacks, and prevention strategies. This article is intended for developers or architects who are interested in writing secure Web applications.
  http://dev2dev.bea.com/pub/a/2005/07/secure_applications.html - Jul, 2005
- Create an anonymous authentication module by Anand Raman
  Spam has become one of the biggest menaces on the Web. Many community-based applications force authentication only to distinguish a valid user from an automated spam-bot, which can be overkill in some cases. CAPTCHAs help in differentiating between real users and automated bots. In this article, Anand Raman uses CAPTCHAs as weak authentication mechanisms for J2EE Web applications. He begins with a quick introduction to both the J2EE Web application security model and CAPTCHAs. He then builds on these concepts to implement a JAAS (Java Authentication and Authorization Service) login module using CAPTCHAs and integrates it with an application server's existing security infrastructure. The artifacts are based on standard J2EE security mechanisms. Hence, the module can be reused in any J2EE application or across different application servers with some minor modifications.
  [Includes source code]
  http://www.javaworld.com/javaworld/jw-03-2005/jw-0307-captcha.html - Mar, 2005
- Exploring J2EE Security for Applications using LDAP by Frank Teti
  This article is loosely based on prototyping a number of J2EE application constructs, such as servlets, EJB, MDB (Message-driven Beans) and JSP, implemented using LDAP (Lightweight Directory Access Protocol) for application authorization. The applications were built in order to understand standard J2EE security and IBM WebSphere extensions. The article identifies key interfaces within WebSphere Application Server Version 5.x (WAS), or any J2EE compliant application server, that need to be configured in order to build secure applications.
  http://www.theserverside.com/articles/article.tss?l=LDAP - Jan, 2005