OWASP Bay Area Meeting - June 25th 2008
Prompted by James, I signed up a little while ago to the OWASP Bay Area chapter, keen to learn more about application security, both in hardening OpenSSO and Access Manager and in how those projects/products can contribute to securing applications. Well, whaddya know, the next meeting is a half day Application Security Summit at the Microsoft facility in Mountain View next Wednesday, when I’ll be out of town. Keen as I am to attend OWASP, I think the Jazoon folks would be a little upset if I didn’t show up for my session on OpenSSO, so I’ll have to be content with encouraging folks in the Bay Area to attend - all the details are here and, apparently, space is limited, so if you’re interested, sign up now!
Comments
Mark Moody
James:
GM is asking for Sun's solution and progress in defining solutions for OWASP for J2EE applications. Can you share more information on how OpenSSO Enterprise 8 is addressing OWASP vulnerabilities?
Thanks,
m2
Pat Patterson
Hi Mark,
I assume you meant to address me (Pat) instead of James :-)
As it happens, we've just appointed an architect on the OpenSSO team to oversee security issues - watch Rajeev's blog - http://blogs.sun.com/rangal/ - for more on the topic.
While OWASP has some relevance to OpenSSO's security (as OpenSSO is itself a Web application), and OpenSSO can help make apps more secure in enforcing access management policy, as far as I can see, the main lesson from OWASP is that you CAN'T sprinkle on magic security dust - you still have to secure your Web app.
Leave a Comment
Your email address will not be published. Required fields are marked *