Time flies..it is amazing to know, yesterday marked the 15th anniversary of Design Patterns: Elements of Reusable Object-Oriented Software by Gang of Four (Erich Gamma, Richard Helm, Ralph Johnson and John Vlissides), a seminal work in object-oriented software design and development that changed the way how we think and solve software implementation problems. In simpler terms., Design patterns is all about adopting to proven solutions… Read more »
I admit that I am not a SOA expert or pretend to be one ! Lately, I had a chance to explore few security features intended for securing XML Web Services and Java EE applications. With my little knowledge to SOA, I found that XML Web services play a vital role in SOA to enable loosely-coupled services and ensuring interoperability. From a security perspective, the core foundation… Read more »
Last few weeks, I have been pulled into an interesting gig for demonstrating security for _____ SOA/XML Web Services and Java EE applications…. so I had a chance to play with some untold security features of Solaris 10. KSSL is one of the unsung yet powerful security features of Solaris 10. As the name identifies, KSSL is a Solaris Kernel Module that… Read more »
Java Card technology has been a passion of mine for so long and I always tried my best to keep updated on Smart card technologies…… not just because of my role at Sun, I did get several opportunities to work closely with citizen-scale Java Card deployments with multiple National ID, eID/ICAO, US DoD/CAC, PIV/FIPS-201 cards and related Identity management projects. It is always been quite adventurous everytime to experience a card issuance… Read more »
FIPS-140* compliance has gained overwhelming attention these days and it has become a mandatory requirement for several security sensitive applications (mostly in Government and Security solutions and recently with select finance industry solutions and particularly for achieving compliance with regulatory mandates such as PCI DSS, FISMA, HIPPA, etc ). FIPS-140 also helps defining security requirements for supporting integration with cryptographic hardware and software tokens. Ensuring… Read more »
One thing I noticed lately…is lot of interest about understanding the usage of ‘Obfuscated Transfer Object (OTO) ‘ from Core Security Patterns. I got multiple emails about its code and implementation .. understandably there is a growing security concern about using Transfer Object (aka Value Object) that passes security-sensitive data elements between Java EE tiers (especially between Presentation/Business/Persistence), when the… Read more »
Few weeks ago, US Dept. of Homeland security (National Cyber Security Division) in collaboration with SANS Institute/MITRE teams worked together and released a list of 25 dangerous programming errors as common security flaws, which opens doors for easy exploitation. My first look at this list, I thought it is a old wine in a new bottle as the document sounded… Read more »
It’s been so long, I had been involved with multiple Smartcard/PKI projects particularly supporting integration of Sun technologies for use with National eID, US Federal (HSPD-12 / PIV cards) and DoD CAC projects. There is no secret sauce, but unfortunately I did’nt find time to put together a trustworthy documentation addressing the technical aspects of using Smartcard based PKI credentials… Read more »
Not a shameless promotion – I came to know from multiple feedback and praises from the people who took the Sun Certified Enterprise Architect exam. Core Security patterns is overwhelmingly suggested as a reference text for “Section 8 – Security” of Sun Certified Enterprise Architect for Java EE5 exam. Section 8: Security Explain the client-side security model for the Java SE environment,… Read more »
I had been involved with multiple Biometric ISV providers and its integration with Sun technologies particularly OpenSSO, IdM, Sun Rays and Solaris. I also had the opportunity to deploy Biometric solutions to few govt organizations that starts with “D” and “N”. Believe it or not…we have few of them in production. Now, getting down to the specifics – Putting it… Read more »