Loading…
ApacheCon North America 2014 has ended
Register Now for ApacheCon North America 2014 - April 7-9 in Denver, CO. Registration fees increase on March 15th, so don’t delay!

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Security [clear filter]
Tuesday, April 8
 

1:30pm

Security best practices for Apache web services
The ability to secure a web service is an essential part of a developer's armory. However, the developer must consider the complex and sometimes confusing topics of message confidentiality and integrity, as well as client authentication and authorization, against a wide range of potential adversaries.

In this talk, Dr. Colm Ó hÉigeartaigh will provide an overview of recent security advisories against a number of Apache projects that are used in web services, such as Apache Santuario and CXF. As part of this overview, we will discuss how an Apache project can best handle security vulnerabilities, and how to analyse existing security flaws to prevent possible future vulnerabilities.

In addition, the talk will distill security best practices for the developer that have emerged via fixing various security advisories.

Speakers
CO

Colm O hEigeartaigh

Software Architect, Talend
Dr. Colm O hEigeartaigh is a security architect at Talend, having earned his PhD in the area of cryptography. He is involved in a wide range of Apache projects, primarily in the area of security. He is PMC chair of the Apache Santuario project. He has previously presented at a number... Read More →


Tuesday April 8, 2014 1:30pm - 2:20pm
Lawrence A

2:30pm

Session Clustering with Cassandra and Apache Shiro
Over 100,000 organizations have seen Apache Shiro's simplicity and power as as security framework for authentication and authorization. But did you know that Shiro's Enterprise Session Management enables easy session clustering for any application? If you need to support concurrent user sessions in the thousands or millions, you won't want to miss this!

This presentation will cover:
-Shiro’s enterprise session management capabilities
-How it can be used across any application (not just web or JEE applications)
-How to use Cassandra as Shiro's session store, enabling a distributed session cluster supporting hundreds of thousands or even millions of concurrent sessions.

As a working example, Les will show how to set up a session cluster in under 10 minutes using Cassandra. If you need to scale user session load, you won’t want to miss this!

Speakers
BJ

Brent Jensen

Co-Founder & CTO, Stormpath
Les Hazlewood is Stormpath co-founder and CTO and the Apache Shiro PMC Chair. Prior to forming Stormpath, Les held senior architectural positions at Bloomberg and Delta Airlines and he was former CTO of a software engineering firm supporting educational and government agencies. Les... Read More →


Tuesday April 8, 2014 2:30pm - 3:20pm
Lawrence A

3:45pm

Improving performance for security enabled web services
Apache CXF is a mature and heavily used web services stack that supports a wide range of protocols, transports and bindings. Naturally, securing web services is an important topic, and CXF implements a large number of security protocols. However, applying security is notorious for exacting a performance penalty, both in terms of CPU and memory requirements.

This talk will focus on new features of Apache CXF 3.0 to improve performance for various security protocols. CXF 3.0 ships with a new streaming (as opposed to in-memory) WS-Security implementation for securing JAX-WS web services, that delivers dramatic memory improvements for large requests. Improving security performance for signed attachments, as well as for XML-based RESTful services will also be covered. Finally, empirical data will be provided to demonstrate performance improvements.

Speakers
CO

Colm O hEigeartaigh

Software Architect, Talend
Dr. Colm O hEigeartaigh is a security architect at Talend, having earned his PhD in the area of cryptography. He is involved in a wide range of Apache projects, primarily in the area of security. He is PMC chair of the Apache Santuario project. He has previously presented at a number... Read More →


Tuesday April 8, 2014 3:45pm - 4:35pm
Lawrence A

4:45pm

Easy Application Security with Apache Shiro
Apache Shiro is one of the largest open-source application security frameworks available, and with the release of Shiro 1.2, over 10,000 new instances launch every month. Shiro supports the four cornerstones of application security: authentication, authorization, enterprise session management, and cryptography.

Apache Shiro PMC Chair and Stormpath Founder/CTO, Les Hazlewood, will give a code-heavy overview of the framework, including...
-How to enable all four cornerstones for any application (standalone, mobile phone, web based, etc)
-An overview of how Shiro leverages OAuth, SAML, and Tapestry
-Why you might want to use Shiro instead of alternatives like JAAS or Spring Security
-An overview of Shiro’s innovative web support module and security filtering capabilities
-The core architectural concepts of the framework
-What's new in Shiro 1.2

Speakers
BJ

Brent Jensen

Co-Founder & CTO, Stormpath
Les Hazlewood is Stormpath co-founder and CTO and the Apache Shiro PMC Chair. Prior to forming Stormpath, Les held senior architectural positions at Bloomberg and Delta Airlines and he was former CTO of a software engineering firm supporting educational and government agencies. Les... Read More →


Tuesday April 8, 2014 4:45pm - 5:35pm
Lawrence A