Few weeks ago, US Dept. of Homeland security (National Cyber Security Division) in collaboration with SANS Institute/MITRE teams worked together and released a list of 25 dangerous programming errors as common security flaws, which opens doors for easy exploitation. My first look at this list, I thought it is a old wine in a new bottle as the document sounded… Read more »
Last week, I was test driving a PIV Smartcard based PKI as a keystore (via Java PKCS#11) to support using the PKI/certificate credentials for performing encryption/decryption and digital signature operations (PKI based logins to Web applications, Encryption/decryption of documents, Digitally signing email). There is no secret receipe but some of you may find it a bit difficult – if you… Read more »
This week, I had the opportunity to deliver a two-hour indepth session on Java Security Architecture at Boston University. I tried my best to drill-down to the nitty-gitty details of security in Java runtime environment – offcourse, I picked most of the content from my book. It was a long session with a 15-min break..I am glad that I did’nt… Read more »
We did two panel sessions at RSA Conference, SFO last week – Both were well received. Here is the links to the slides that we used to present “Core Security Patterns” in the sessions. RSA 2005 Panel – Building End-to-End Security for XML Web Services: Applied Techniques, Patterns and Best Practices Security Patterns and Best Practices for J2EE, Web Services… Read more »