Category Archives: Java EE

Stinking Rich-clients: How to secure them?

Yes, the demand for rich clients and rich-client-like Web applications is definitely overwhelming because of their look-and-feel performance. When we think of rich clients over the Web, we often think of applets as a solution in the first place and we forget to consider other promising options like Java Web Start (JWS) and other Web 2.0 interfaces via Ajax and…

Enabling Smart Card based PKI as Java Key Store

Last week, I was test-driving a PIV smart card-based PKI as a keystore (via Java PKCS#11) to support using the PKI/certificate credentials for performing encryption/decryption and digital signature operations (PKI-based logins to Web applications, encryption/decryption of documents, digitally signing email). There is no secret recipe, but some of you may find it a bit difficult – if you…

Managing PIV Lifecycle and Converging Physical & Logical Access Control

Last week, I was at the 7th Annual Smart Card in Government Conference and had the opportunity to join a panel on “Personal Identity Verification (PIV) – Technologies” and presented a session entitled “Managing PIV Lifecycle and Converging Physical and Logical Access Control” with emphasis on implementing HSPD-12/FIPS-201 mandates. I thoroughly enjoyed my participation in the conference, particularly the overwhelming …

How do I prevent Cross-site Scripting (XSS) attacks in J2EE Web applications?

I received this question from one of our book readers … of course XSS is becoming widely popular. I had my own first-hand experience of XSS by test-driving it in my lab – believe me – I don’t have malicious intentions or crazy motives. If you want to verify your J2EE Web applications for XSS vulnerability… here is my cooked response – for…

HTTP response splitting? How to prevent it in J2EE/Web applications?

A couple of days ago, I received the above question from one of our readers. Although I briefly responded to him over email, I really wanted to explore the known traits for defending against this vulnerability: HTTP response splitting is a Web application input validation vulnerability that allows exploitation of the HTTP headers of a Web application for initiating attacks leading…

OpenSSL as Certificate Authority/SSL Test Kit: Quick Cheatsheet

I always had a love-hate relationship with using OpenSSL! But I should agree that it did help me many times… whenever I wanted to quickly test-drive my craziest ideas with PKI certificates. A couple of things I like about OpenSSL are its tools/utilities for testing, equivalent to a commercial-grade CA, and its FIPS-140 compliance. Also, I always get…

Biometrics enabled Single Sign-On (SSO) using SAML

Last week, I was at Biometric Consortium Conference 2006 to present “Biometric Single Sign-On using SAML: Architecture and Design Strategies” and demonstrate one of my favorite topics of interest – a stronger authentication solution that combines “Web Access Management/SSO/Federation” using “Biometrics”. I used my previous JAAS Module integration work between Sun Java System Access Manager 6.x (SunONE Identity Server) and BioBex…

Security Patterns @Information Security Conf. NY

After a long time, last week Chris and I joined together in New York for presenting a session on “Security By Default” at “Information Security Conference – 2006”. The overall attendance at the conference wasn’t great… but we did have some participation in our session. Chris and I didn’t forget to have fun, especially the good food and drinks at a couple of…

Patterns-driven Security Design @ New England JUG

A couple of days ago, I presented “Patterns-driven Security Design” at an event hosted by “New England Java User Group” at the Sun Burlington campus. The participants were outstanding, I had quite a lot of good questions… and by the time I left the building it was 10:00 PM. It was quite an inspiring event, as this was the first time I presented the complete…

SOA Mythology or Technology…

I had my own share of opportunities to present the SOA architecture to our customers. My friends outside Sun are always curious to know – “Is SOA real? Is it production-ready from a single vendor? What about those standards?”. Also, I heard a few other interesting phrases about SOA such as “Same old architecture”, “SOAP-oriented architecture”…! Here is my shot…