Java Web Application Security: Develop. Penetrate. Protect. Relax.

In this session, you'll learn how to implement authentication in your Java web applications using Spring Security, Apache Shiro and good ol' Java EE 6 Container Managed Authentication. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.

After learning how to develop authentication, I'll introduce you to OWASP, the OWASP Top 10, its Testing Guide and its Code Review Guide. From there, I'll discuss using Zed Attack Proxy to verify your app is secure, as well as commercial tools like webapp firewalls and accelerators.


About Matt Raible

Matt Raible has been building web applications for most of his adult life. He started tinkering with the web before Netscape 1.0 was even released. For the last 13 years, Matt has helped companies adopt open source technologies (Spring, Hibernate, Apache, Struts, Tapestry, Grails) and use them effectively. Matt has been a speaker at many conferences worldwide, including ApacheCon, JavaZone, Colorado Software Summit, No Fluff Just Stuff, and a host of others.

Matt is an author (Spring Live and Pro JSP), and an active "kick-ass technology" evangelist on raibledesigns.com. He is the founder of AppFuse, a project which allows you to get started quickly with Java open source frameworks, as well as a committer on the Apache Roller and Apache Struts projects.

Matt has had quite a ride in the past few years, serving as the Lead UI Architect for LinkedIn, the UI Architect for Evite.com and the Chief Architect of Web Development at Time Warner Cable. Currently, he enjoys Utah's fluffy powder while consulting at Overstock.com.
