OWASP Bay Area Meeting - June 25th 2008

less than 1 minute read

Prompted by James, I signed up a little while ago to the OWASP Bay Area chapter, keen to learn more about application security, both in hardening OpenSSO and Access Manager and in how those projects/products can contribute to securing applications. Well, whaddya know, the next meeting is a half day Application Security Summit at the Microsoft facility in Mountain View next Wednesday, when I’ll be out of town. Keen as I am to attend OWASP, I think the Jazoon folks would be a little upset if I didn’t show up for my session on OpenSSO, so I’ll have to be content with encouraging folks in the Bay Area to attend - all the details are here and, apparently, space is limited, so if you’re interested, sign up now!



Mark Moody


GM is asking for Sun's solution and progress in defining solutions for OWASP for J2EE applications. Can you share more information on how OpenSSO Enterprise 8 is addressing OWASP vulnerabilities?


Pat Patterson

Hi Mark,

I assume you meant to address me (Pat) instead of James :-)

As it happens, we've just appointed an architect on the OpenSSO team to oversee security issues - watch Rajeev's blog - http://blogs.sun.com/rangal/ - for more on the topic.

While OWASP has some relevance to OpenSSO's security (as OpenSSO is itself a Web application), and OpenSSO can help make apps more secure in enforcing access management policy, as far as I can see, the main lesson from OWASP is that you CAN'T sprinkle on magic security dust - you still have to secure your Web app.

Leave a Comment

Your email address will not be published. Required fields are marked *