Mase,
I'm excited to see what FS-ISAC comes up with at the conference. In my
experience, the OWASP Secure Contract Annex is a great resource. That
said, sometimes people are looking for an interim "quick and dirty"
way to evaluate vendors for security while they work on building
application securi

Hi all,
As some of you may know, I've spent some time researching how to apply
Aspect Oriented Programming (AOP) to web application security. I
haven't been able to spend as much time on the topic as I'd like, but
I was able to come up with a proof of concept for Java EE
applications.
I created an

Has anyone had experience using Sword4J to determine permissions?
http://www.alphaworks.ibm.com/tech/sword4j
From the site: "The Authorization Analysis functionality determines
which authorizations are needed in order to run Java code when a
SecurityManager is enabled. The Privilege Code Analysis

Most of the SANS classes are network/infrastructure related, but some
of them are made specifically for secure coding in a particular
language. I'm an instructor and courseware developer for Security 541,
the secure coding in Java / JEE class
(http://www.sans.org/ns2008/description.php?tid=1937).