Loading…
ApacheCon EU 2016 has ended
ApacheCon Europe 2016
Click here to Register or for more information 

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Security [clear filter]
Thursday, November 17
 

15:10

Secure by Default Web Application with Apache Sling - Robert Munteanu, Adobe
A product that works is not done, as there are many facets to consider - availability, scalability, security. Of those, security is probably the most expensive to get wrong.



By analysing a simple web application built on top of Apache Sling and its threat model, we will review the main attack vectors and how they can be mitigated. You will see what the general approaches are and also how Apache Sling allows you to eliminate entire classes of vulnerabilities by using secure-by-default components. Although we will use Apache Sling for examples, previous knowledge of Sling or its components is not required.

Speakers
avatar for Robert Munteanu

Robert Munteanu

Senior Computer Scientist, Adobe Systems Romania
Robert Munteanu is a software developer with a passion for Open Source. He works as a senior computer scientist on the Adobe Experience Manager. A frequent Open Source contributor, he focuses his efforts on projects such as Apache Sling, MantisBT, the Eclipse plugin for Reviewboard... Read More →


Thursday November 17, 2016 15:10 - 16:00
Santa Cruz

16:10

Implementing Security in Apache Geode Using Apache Shiro - Jinmei Liao, Pivotal
Apache Geode (incubating) is a distributed in-memory data grid built for high throughput low latency applications. Data stored in a Gode cluster can be accessed by Geode clients (which talk to the server over TCP) and over REST api. One can also manage the Geode cluster over JMX and rest api.

Although you could secure the transport using ssl, role based access control existed only for clients over TCP. In the latest release of Apache Geode, we now have role based access control for all Geode APIs, and we used Apache Shiro for our implementation. In this talk we will provide details on how this was accomplished and present our ÛÏlessons learnedÛ.


Speakers
JL

Jinmei Liao

Software Engineer, Pivotal
Java developer for 10+ years.


Thursday November 17, 2016 16:10 - 17:00
Nervion/Arenal II/III