Category Archives: Java Security

Stinking Rich-clients: How to secure them ?


Yes, the demand for rich clients and rich-client-like Web applications is definitely overwhelming because of their look-and-feel performance. When we think of rich clients over the Web, we often think of applets as the solution in the first place and forget to consider other promising options like Java Web Start (JWS) and other Web 2.0 interfaces via Ajax and…

Enabling Smart Card based PKI as Java Key Store


Last week, I was test driving a PIV Smartcard based PKI as a keystore (via Java PKCS#11) to support using the PKI/certificate credentials for performing encryption/decryption and digital signature operations (PKI based logins to Web applications, encryption/decryption of documents, digitally signing email). There is no secret recipe, but some of you may find it a bit difficult – if you…

Managing PIV Lifecycle and Converging Physical & Logical Access Control

Last week, I was at the 7th Annual Smart Card in Government Conference and had the opportunity to join a panel on “Personal Identity Verification (PIV) – Technologies” and present a session entitled “Managing PIV Lifecycle and Converging Physical and Logical Access Control” with emphasis on implementing HSPD-12/FIPS-201 mandates. I thoroughly enjoyed my participation in the conference, particularly the overwhelming …

HTTP response splitting? How-to prevent them in J2EE/Web applications ?

A couple of days ago, I received the above question from one of our readers. Although I briefly responded to him over email, I really wanted to explore the known traits for defending against this vulnerability: HTTP response splitting is a Web application input validation vulnerability that allows the HTTP headers of a Web application to be exploited for initiating attacks leading…

OpenSSL as Certificate Authority/SSL Test Kit: Quick Cheatsheet

I always had a love-and-hate interest in using OpenSSL! But I should agree that it did help me many times…whenever I wanted to quickly test-drive my craziest ideas with PKI certificates. A couple of things I like about OpenSSL are its tools/utilities for testing, equivalent to a commercial-grade CA, and its FIPS-140 compliance. Also, I always get…

How to begin a Java security career ?


I received the following question from one of the readers from TechTarget.com: Though I am not a beginner in Java, I recently got interested in Java security. What should I be learning in order to get a job in Java security? Is there anything in particular that could lead me to a career in this area? Here is my response:…

Java Security at BU


This week, I had the opportunity to deliver a two-hour in-depth session on Java Security Architecture at Boston University. I tried my best to drill down to the nitty-gritty details of security in the Java runtime environment – of course, I picked most of the content from my book. It was a long session with a 15-min break… I am glad that I didn’t…

Security Patterns @Information Security Conf. NY

After a long time, last week Chris and I joined together in New York for presenting a session on “Security By Default” at “Information Security Conference – 2006”. The overall attendance at the conference wasn’t great… but we did have some participation in our session. Chris and I didn’t forget to have fun, especially the good food and drinks at a couple of…

Patterns-driven Security Design @ New England JUG

A couple of days ago, I presented “Patterns-driven Security Design” at an event hosted by the “New England Java User Group” at the Sun Burlington campus. The participants were outstanding, I had quite a lot of good questions… and by the time I left the building it was 10:00 PM. It was quite an inspiring event as this was the first time I presented the complete…

Meet us at JavaRanch


This week, Chris and I will be participating in the JavaRanch online discussion forum to share our Core Security Patterns work and answer questions from the JavaRanch developer community, particularly those with a SECURITY focus. The discussion will start Tuesday, January 10th 2006 and end on Friday, January 13th 2006. As a surprise, we’ll be selecting four random posters in this forum…