Web Applications with CA 2E and WebsydianExpress
|
|
- Ursula Rosamond Nicholson
- 8 years ago
- Views:
Transcription
1 Web Applications with CA 2E and WebsydianExpress Develop and Deploy Søren Madsen Anne-Marie Arnvig
2 Websydian A/S Founded in 1985 Headquarters in Copenhagen, Denmark Using CA 2E since 1989 Using CA Plex since % dedicated to model-based development working smarter not harder More than 200 customers in 35 countries worldwide First version of Websydian was released 1998 First version of WebsydianExpress was released 2005
3 Websydian A/S CA and Websydian A/S are strategic t partners in delivering complete solutions since The goal is to handle the challenges of quick and reliable development of robust and secure Web, Wireless and Web Service Applications. Websydian target the Java, Windows and IBM System i (the former AS400) platforms
4 Slide 3 OHH1 Websydian now has more than 200 customers in more than 30 countries and still growing Punktum efter 2001 Ole Høegh Hansen, 4/15/2005
5 Agenda Websydian focus A flatter, smaller and faster world What are you up against 2E and web what you need A closer look at security and usability Making faster concrete Websydian benefits out-of-the-box of the Live demo: linking 2E and WebsydianExpress
6 Websydian focus: work smarter We have been involved with CA 2E from the start We know the needs of 2E developers We build WebsydianExpress based on experience and feedback We extracted the best of all and put it into WE
7 A flatter, smaller and faster world Web casts, remote connections, e-conferences Non-stop change is the new normal Demand for speed and adjustment to change
8 What are you up against? What does it take to transform your 2E applications into web applications if you start from scratch? What do you need to learn? What options do you need to consider, evaluate and choose between? What do you need to develop yourselves?
9 2E and web what you need URL Web site design Menus Login User interface Security User management Administration 2E system functionality
10 A closer look at two issues Security Usability
11 Security Back-ends: You control access Web applications: Access is difficult to control
12 Usability Everyone everywhere is a potential user of your system and of your competitors! Make it easy for them to come to you. Make it easy for yourself to invite them.
13 Must haves Security User management system - web Login and roles Session control Usability (Customers) Understandable menus, work flow and activators Usability (for you) Easy admin and maintenance of your web application
14 Making faster concrete How long will it take to before you can focus on the functionality of your web site if you don t use Websydian to web front your 2E application? 1000 hours? 2000 hours? or more? How long will take if you use WebsydianExpress? 50 hours? 20 hours? or less?
15 Websydian benefits out-of-the-box What you get out-of-the-box is an entire infrastructure and a ready site which means that: You don t have to use time collecting and evaluating information about how to go about creating a web solution before starting we have done it for you You can reuse the application you already have You can focus on the business functionality right after installation You don t have to use time setting up security measures it s already done Genric features: menu, login, user management, language support Web based user administration Years of experience
16 You get Usability: Web site out of the box Installation Service Administration module Message log User management Custom Fields (you can grow your needs) Page Modeler generates HTML code Language support for multiple language sites Interface between your back-end apps and the web (APIs)
17 You get Security: Session control User management system Login facility Role system compliant with J2EE
18 Websydian Security Model
19 OWASP OWASP (Open Web Application Security Project) Non-profit organization Community for sharing information about web application security The OWASP Top Ten The 10 most critical web application security flaws How to avoid the security flaws httt://
20 OWASP 2006 Top Ten 1. Un-validated Parameters 2. Broken Access Control 3. Broken Account and Session Management 4. Cross-Site Scripting Flaws 5. Buffer Overflows 6. Command Injection Flaws 7. Error Handling Problems 8. Insecure Storage - Insecure Use of Cryptography 9. Application i Denial of Service 10. Insecure Configuration Management- Server mis- configuration
21 OWASP 2006 Top Ten and Websydian Un-validated Parameters Broken Access Control Broken Account and Session Management Cross-Site Scripting Flaws Buffer Overflows Command Injection Flaws Error Handling Problems Insecure storage - Insecure Use of Cryptography Application Denial of Service! Insecure Configuration Management- Server mis- configuration
22 Role based Security Model Role e.g. SalesRep, Accountant, Customer Role-based security obtained through a combination of two security methods: Security by Declaration Access privileges declared ed by role oerse access the declarations to obtain Programmatic security If <user> in <role> then If <user> equal to <user_ id> then
23
24
25
26
27 End Part 1
28 WebsydianExpress for CA 2E Soren Madsen
29 Biography Søren Madsen Soft Design A/S Chief Consultant Worked with CA 2E since 1990 CA Plex since 1996 Speaker at: CA WORLD and Plex/2E user conferences since 2004 COMMON US since 2007
30 Søren Madsen Softdesign since 1990 Senior Consultant, Project manager Synon 8 years 2e PLEX 8-9 years KT Obsydian Cool:Plex Jasmin:Plex Advantage:Plex AllFusion:Plex
31 Developing e for Websydian Express AllFusion 2E iseries, ILE RPG iseries AllFusion Plex iseries, Windows You choose!
32 Similarities between ee 2E and Web 2E Websydian/2E Display Record Display Horse EXCEXTFUN RPG DDS RPG HTML
33 Similarities between 2E and Web Scr/rpt design = Page modeler
34 Page Modeler: Easy creation of HTML
35 Run-time Page Generation RPG The RPG Program Loads the DDS via the definition as an externally described file. Assigns s the variables ab and writes to 5250
36 Run-time Page Generatione RPG The RPG Program reads the HTML file as an external file. Assigns the variables and writes to the browser
37 Run-time Page Generatione Substitution at run-time of fields in Details region Values of Details-fields set by SetOutput function Result is generated HTML Page HTML Document Template as input to WritePage Function
38 Live Demo
39 Websydian for 2E Demo
40 Websydian for 2E Demo
41 Websydian for 2E Demo
42 The Websydian Express 2E API (43)
43 Application flow - GetInput(field name) (Get values from input fields, one call per field) - Execute business logic (E.g. database update etc.) - SetOutput(field name, field value) (Set output values, one call per field) - SetParm(Eventid, field name, field value) (Set hidden values, one call per field) - WritePage(html template)
44 Show horse Functions cto
45 Show horse Functions cto
46 Show horse Functions cto
47 Show horse Functions cto
48 Show horse Functions cto
49 Show horse Functions cto
50 Show horse Functions cto
51 Show horse Functions cto
52 Show horse Functions cto
53 Show horse Functions cto
54 Show horse Functions cto
55 Show horse Functions cto
56 Show horse Functions cto
57 Show horse Functions cto
58 Show horse Functions cto
59 Show horse Functions cto
60 Websydian for 2E Demo
61 Show horse Functions cto
62 Show horse Functions cto
63 Show horse Functions cto
64 Show horse Functions cto
65 Show horse Functions cto
66 Show horse Functions cto
67 Show horse Functions cto
68 Show horse Functions cto
69 Websydian for 2E Demo
70
71 What now? The 2E model you can download contains all the AD code to view, position, create, update and delete data in the Horse entity. And you can build any web functionality using your own 2E entities and functions. This can be tried out for free! More information at:
72 WebsydianExpress ess summary WebsydianExpress saves you hours of work Provides web site out-of-the-box Internet profiles handled by Websydian Express Batch processing (reduces number of interactive users) Handles user management Provides session management out-of-the-boxof the Provides the necessary APIs for developing web using 2E Easy installation Provides a tool for modeling the web pages Enables efficient use of different development skills
73
What is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationMagento Security and Vulnerabilities. Roman Stepanov
Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection
More informationStrategic Information Security. Attacking and Defending Web Services
Security PS Strategic Information Security. Attacking and Defending Web Services Presented By: David W. Green, CISSP dgreen@securityps.com Introduction About Security PS Application Security Assessments
More informationSecurity Testing and Vulnerability Management Process. e-governance
Security Testing and Vulnerability Management Process for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India.
More informationKonyOne Server Prerequisites _ MS SQL Server
KonyOne Server Prerequisites _ MS SQL Server KonyOne Platform Release 5.0 Copyright 2012-2013 Kony Solutions, Inc. All Rights Reserved. Page 1 of 13 Copyright 2012-2013 by Kony Solutions, Inc. All rights
More informationDatabase FAQs - SQL Server
Database FAQs - SQL Server Kony Platform Release 5.0 Copyright 2013 by Kony, Inc. All rights reserved. August, 2013 This document contains information proprietary to Kony, Inc., is bound by the Kony license
More informationCreating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
More informationApplication Security and the SDLC. Dan Cornell Denim Group, Ltd. www.denimgroup.com
Application Security and the SDLC Dan Cornell Denim Group, Ltd. www.denimgroup.com Overview Background What is Application Security and Why is It Important? Specific Reference Examples Integrating Security
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More informationSimon Fraser University. Web Security. Dr. Abhijit Sen CMPT 470
Web Security Dr. Abhijit Sen 95% of web apps have Vulnerabilities Cross-site scripting (80 per cent) SQL injection (62 per cent) Parameter tampering (60 per cent) http://www.vnunet.com/vnunet/news/2124247/web-applicationswide-open-hackers
More informationApplication Security and the SDLC. Dan Cornell Denim Group, Ltd. www.denimgroup.com
Application Security and the SDLC Dan Cornell Denim Group, Ltd. www.denimgroup.com Overview Background What is Application Security and Why is It Important? Specific Reference Examples Integrating Security
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationHow to Build a Trusted Application. John Dickson, CISSP
How to Build a Trusted Application John Dickson, CISSP Overview What is Application Security? Examples of Potential Vulnerabilities Strategies to Build Secure Apps Questions and Answers Denim Group, Ltd.
More informationDISA's Application Security and Development STIG: How OWASP Can Help You. AppSec DC November 12, 2009. The OWASP Foundation http://www.owasp.
DISA's Application Security and Development STIG: How Can Help You AppSec DC November 12, 2009 Jason Li Senior Application Security Engineer jason.li@aspectsecurity.com The Foundation http://www.owasp.org
More informationApplication Code Development Standards
Application Code Development Standards Overview This document is intended to provide guidance to campus system owners and software developers regarding secure software engineering practices. These standards
More informationTop Ten Web Application Vulnerabilities in J2EE. Vincent Partington and Eelco Klaver Xebia
Top Ten Web Application Vulnerabilities in J2EE Vincent Partington and Eelco Klaver Xebia Introduction Open Web Application Security Project is an open project aimed at identifying and preventing causes
More informationWeb Application Vulnerability Testing with Nessus
The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information
More informationWeb attacks and security: SQL injection and cross-site scripting (XSS)
Web attacks and security: SQL injection and cross-site scripting (XSS) License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike
More informationApplication Security: What Does it Take to Build and Test a Trusted App? John Dickson, CISSP Denim Group
Application Security: What Does it Take to Build and Test a Trusted App? John Dickson, CISSP Denim Group Overview What is Application Security? Examples of Potential Vulnerabilities Potential Strategies
More informationWeb Application Security
Chapter 1 Web Application Security In this chapter: OWASP Top 10..........................................................2 General Principles to Live By.............................................. 4
More informationOut of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationKony Mobile Application Management (MAM)
Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview
More informationWeb Engineering Web Application Security Issues
Security Issues Dec 14 2009 Katharina Siorpaes Copyright 2009 STI - INNSBRUCK www.sti-innsbruck.at It is NOT Network Security It is securing: Custom Code that drives a web application Libraries Backend
More informationCopyright 2006. Watchfire Corporation. All Rights Reserved.
AppScan Frequently Asked Technical Questions 1. How is AppScan different from other web application scanners? (p. 2) 2. How do I know if I ve covered all of my applications? (p. 3) 3. How is AppScan different
More informationHow to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering
How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration
More informationOWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp.
and Top 10 (2007 Update) Dave Wichers The Foundation Conferences Chair dave.wichers@owasp.org COO, Aspect Security dave.wichers@aspectsecurity.com Copyright 2007 - The Foundation This work is available
More informationBusiness Process Management IBM Business Process Manager V7.5
Business Process Management IBM Business Process Manager V7.5 Federated task management for BPEL processes and human tasks This presentation introduces the federated task management feature for BPEL processes
More information(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
More informationHow To Test A Computer System On A Microsoft Powerbook 2.5 (Windows) (Windows 2) (Powerbook 2) And Powerbook 1.5.1 (Windows 3) (For Windows) (Programmer) (Or
2014 Guide For Testing Your Software Security and Software Assessment Services (SSAS) Usability Testing Sections Installation and Un-Installation Software Documentation Test Cases or Tutorial Graphical
More informationBlackboard Learn TM, Release 9 Technology Architecture. John Fontaine
Blackboard Learn TM, Release 9 Technology Architecture John Fontaine Overview Background Blackboard Learn Deployment Model and Architecture Setup and Installation Common Administrative Tasks Tuning Integrating
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationBarracuda Web Site Firewall Ensures PCI DSS Compliance
Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online
More informationHow To Understand And Understand The Security Of A Web Browser (For Web Users)
Security vulnerabilities: should they be early detected? - lsampaio@inf.puc-rio.br Alessandro Garcia afgarcia@inf.puc-rio.br OPUS Research Group Agenda 1. Background; 2.Motivation; 3.Research Questions;
More informationCrawl Proxy Installation and Configuration Guide
Crawl Proxy Installation and Configuration Guide Google Enterprise EMEA Google Search Appliance is able to natively crawl secure content coming from multiple sources using for instance the following main
More informationITG Software Engineering
IBM WebSphere Administration 8.5 Course ID: Page 1 Last Updated 12/15/2014 WebSphere Administration 8.5 Course Overview: This 5 Day course will cover the administration and configuration of WebSphere 8.5.
More informationWeb applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh
Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP
More informationGlassFish Security. open source community experience distilled. security measures. Secure your GlassFish installation, Web applications,
GlassFish Security Secure your GlassFish installation, Web applications, EJB applications, application client module, and Web Services using Java EE and GlassFish security measures Masoud Kalali PUBLISHING
More informationTop 10 Web Application Security Vulnerabilities - with focus on PHP
Top 10 Web Application Security Vulnerabilities - with focus on PHP Louise Berthilson Alberto Escudero Pascual 1 Resources The Top 10 Project by OWASP www.owasp.org/index.php/owasp_top_ten_project
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationVisa U.S.A Cardholder Information Security Program (CISP) Payment Application Best Practices
This document is to be used to verify that a payment application has been validated against Visa U.S.A. Payment Application Best Practices and to create the Report on Validation. Please note that payment
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationCA Clarity Project & Portfolio Manager
CA Clarity Project & Portfolio Manager Connector for CA Unicenter Service Desk & CA Software Change Manager for Distributed Product Guide v2.0.00 This documentation, which includes embedded help systems
More informationThomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch
Thomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch What
More informationThe Customer page is only displayed in Admin Portal on Managed Service Provider accounts. It is not displayed in customer accounts.
Chapter 9 Managing customer cloud services The Customers page lists the cloud services you have created for your customers and their status. You use this page to perform the following tasks: Create a new
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationTHE HACKERS NEXT TARGET
Governance and Risk Management THE HACKERS NEXT TARGET YOUR WEB AND SOFTWARE Anthony Lim MBA CISSP CSSLP FCITIL Director, Security, Asia Pacific Rational Software ISC2 CyberSecurity Conference 09 Kuala
More informationOWASP TOP 10 ILIA ALSHANETSKY @ILIAA HTTPS://JOIND.IN/15741
OWASP TOP 10 ILIA ALSHANETSKY @ILIAA HTTPS://JOIND.IN/15741 ME, MYSELF & I PHP Core Developer Author of Guide to PHP Security Security Aficionado THE CONUNDRUM USABILITY SECURITY YOU CAN HAVE ONE ;-) OPEN
More informationSecurity Code Review- Identifying Web Vulnerabilities
Security Code Review- Identifying Web Vulnerabilities Kiran Maraju, CISSP, CEH, ITIL, SCJP Email: Kiran_maraju@yahoo.com 1 1.1.1 Abstract Security Code Review- Identifying Web Vulnerabilities This paper
More informationAn Introduction to Application Security in J2EE Environments
An Introduction to Application Security in J2EE Environments Dan Cornell Denim Group, Ltd. www.denimgroup.com Overview Background What is Application Security and Why is It Important? Specific Reference
More informationJava Web Application Security
Java Web Application Security RJUG Nov 11, 2003 Durkee Consulting www.rd1.net 1 Ralph Durkee SANS Certified Mentor/Instructor SANS GIAC Network Security and Software Development Consulting Durkee Consulting
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationTHE OPEN UNIVERSITY OF TANZANIA
THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather
More informationContent Management System
Content Management System XT-CMS INSTALL GUIDE Requirements The cms runs on PHP so the host/server it is intended to be run on should ideally be linux based with PHP 4.3 or above. A fresh install requires
More informationExcellence Doesn t Need a Certificate. Be an. Believe in You. 2014 AMIGOSEC Consulting Private Limited
Excellence Doesn t Need a Certificate Be an 2014 AMIGOSEC Consulting Private Limited Believe in You Introduction In this age of emerging technologies where IT plays a crucial role in enabling and running
More informationSecurity Testing & Load Testing for Online Document Management system
1 Security Testing & Load Testing for Online Document Management system Abstract The client is a leading provider of online technical documentation solutions in UK, they wanted to protect their documents
More informationKEN VAN WYK. Fundamentals of Secure Coding and how to break Software MARCH 19-23, 2007 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY)
TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK Fundamentals of Secure Coding and how to break Software MARCH 19-23, 2007 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY) info@technologytransfer.it www.technologytransfer.it
More informationIntroduction to Web Application Security. Microsoft CSO Roundtable Houston, TX. September 13 th, 2006
Introduction to Web Application Security Microsoft CSO Roundtable Houston, TX September 13 th, 2006 Overview Background What is Application Security and Why Is It Important? Examples Where Do We Go From
More informationOracle WebLogic Foundation of Oracle Fusion Middleware. Lawrence Manickam Toyork Systems Inc www.toyork.com http://ca.linkedin.
Oracle WebLogic Foundation of Oracle Fusion Middleware Lawrence Manickam Toyork Systems Inc www.toyork.com http://ca.linkedin.com/in/lawrence143 History of WebLogic WebLogic Inc started in 1995 was a company
More informationWeb Application Security Assessment and Vulnerability Mitigation Tests
White paper BMC Remedy Action Request System 7.6.04 Web Application Security Assessment and Vulnerability Mitigation Tests January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software
More informationUsing Free Tools To Test Web Application Security
Using Free Tools To Test Web Application Security Speaker Biography Matt Neely, CISSP, CTGA, GCIH, and GCWN Manager of the Profiling Team at SecureState Areas of expertise: wireless, penetration testing,
More informationAPIS CARM NG Quick Start Guide for MS Windows
APIS CARM NG Quick Start Guide for MS Windows The information contained in this document may be changed without advance notice and represents no obligation on the part of the manufacturer. The software
More informationSecuring Enterprise Web Applications at the Source: An Application Security Perspective
Securing Enterprise Web Applications at the Source: An Application Security Perspective Author: Eugene Lebanidze eugene.lebanidze@gmail.com EXECUTIVE SUMMARY Purpose: This paper considers a variety of
More informationEVALUATION ONLY. WA2088 WebSphere Application Server 8.5 Administration on Windows. Student Labs. Web Age Solutions Inc.
WA2088 WebSphere Application Server 8.5 Administration on Windows Student Labs Web Age Solutions Inc. Copyright 2013 Web Age Solutions Inc. 1 Table of Contents Directory Paths Used in Labs...3 Lab Notes...4
More informationChange Management for Rational DOORS User s Guide
Change Management for Rational DOORS User s Guide Before using this information, read the general information under Appendix: Notices on page 58. This edition applies to Change Management for Rational
More informationSecuring Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
More informationImplementation of Web Application Firewall
Implementation of Web Application Firewall OuTian 1 Introduction Abstract Web 層 應 用 程 式 之 攻 擊 日 趨 嚴 重, 而 國 內 多 數 企 業 仍 不 知 該 如 何 以 資 安 設 備 阻 擋, 仍 在 採 購 傳 統 的 Firewall/IPS,
More informationAutomate Your BI Administration to Save Millions with Command Manager and System Manager
Automate Your BI Administration to Save Millions with Command Manager and System Manager Presented by: Dennis Liao Sr. Sales Engineer Date: 27 th January, 2015 Session 2 This Session is Part of MicroStrategy
More informationWeb Application Penetration Testing
Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com
More informationEssential IT Security Testing
Essential IT Security Testing Application Security Testing for System Testers By Andrew Muller Director of Ionize Who is this guy? IT Security consultant to the stars Member of OWASP Member of IT-012-04
More informationMobile Application Security Sharing Session May 2013
Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers
More informationPentests more than just using the proper tools
Pentests more than just using the proper tools Agenda 1. Information Security @ TÜV Rheinland 2. Penetration testing Introduction Evaluation scheme Security Analyses of web applications Internal Security
More informationWeb Dashboard User Guide
Web Dashboard User Guide Version 10.2 The software supplied with this document is the property of RadView Software and is furnished under a licensing agreement. Neither the software nor this document may
More informationPoints of View. CxO s point of view. Developer s point of view. Attacker s point of view
Web App Security 2 CxO s point of view Points of View Measurable security SCAP (Security Content Automation Protocol) Developer s point of view Secure coding/software security CWE (Common Weakness Enumeration)
More information8070.S000 Application Security
8070.S000 Application Security Last Revised: 02/26/15 Final 02/26/15 REVISION CONTROL Document Title: Author: File Reference: Application Security Information Security 8070.S000_Application_Security.docx
More informationApplication Performance. Java.,.NET and the IBM i. Rory Hewitt. Co-branded Logo Footprint Aligned LEFT ON COVER ONLY Must Fit Within This Space
Application Performance Management for Java.,.NET and the IBM i Rory Hewitt Rob Layzell CA Aligned LEFT ON COVER ONLY Terms of This Presentation This presentation was based on current information and resource
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationWEB APPLICATION SECURITY
WEB APPLICATION SECURITY Governance and Risk Management YOUR LAST LINE OF DEFENSE Aug 06 2009 ANSES RAH RAH Anthony Lim MBA CISSP CSSLP FCITIL Director, Security, Asia Pacific Rational Software Prolog
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationDevelopment Processes (Lecture outline)
Development*Process*for*Secure* So2ware Development Processes (Lecture outline) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development
More informationBMC Remedy Integration Guide 7.6.04
BMC Remedy Integration Guide 7.6.04 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationSichere Software- Entwicklung für Java Entwickler
Sichere Software- Entwicklung für Java Entwickler Dominik Schadow Senior Consultant Trivadis GmbH 05/09/2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationAD207: Advances in Data Integration with Lotus Enterprise Integrator for Domino 6.5. Sarah Boucher, Manager Enterprise Integration Development
AD207: Advances in Data Integration with Lotus Enterprise Integrator for Domino 6.5 Sarah Boucher, Manager Enterprise Integration Development Goals Overview of Lotus Enterprise Integration offerings and
More informationRedpaper Axel Buecker Kenny Chow Jenny Wong
Redpaper Axel Buecker Kenny Chow Jenny Wong A Guide to Authentication Services in IBM Security Access Manager for Enterprise Single Sign-On Introduction IBM Security Access Manager for Enterprise Single
More informationCracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference
Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationNetBeans IDE Field Guide
NetBeans IDE Field Guide Copyright 2005 Sun Microsystems, Inc. All rights reserved. Table of Contents Introduction to J2EE Development in NetBeans IDE...1 Configuring the IDE for J2EE Development...2 Getting
More informationTeamViewer 9 Manual Management Console
TeamViewer 9 Manual Management Console Rev 9.2-07/2014 TeamViewer GmbH Jahnstraße 30 D-73037 Göppingen www.teamviewer.com Table of Contents 1 About the TeamViewer Management Console... 4 1.1 About the
More informationDevOps for CA Plex Automated Testing
DevOps for CA Plex Automated Testing Agenda DevOps Agile ALM CM MatchPoint Automated Testing Worksoft Certify DevOps Agile - DevOps Source: IBM SoftwareTechnical White Paper DevOps Lifecycle DevOps CA
More informationTesting the OWASP Top 10 Security Issues
Testing the OWASP Top 10 Security Issues Andy Tinkham & Zach Bergman, Magenic Technologies Contact Us 1600 Utica Avenue South, Suite 800 St. Louis Park, MN 55416 1 (877)-277-1044 info@magenic.com Who Are
More informationEarly Vulnerability Detection for Supporting Secure Programming
Early Vulnerability Detection for Supporting Secure Programming Luciano Sampaio - lsampaio@inf.puc- rio.br Alessandro Garcia - afgarcia@inf.puc- rio.br OPUS Research Group LES DI PUC- Rio - Brazil OPUS
More informationHow to complete the Secure Internet Site Declaration (SISD) form
1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,
More informationIBM WebSphere Application Server V8.5 lab Basic Liberty profile administration using the job manager
IBM WebSphere Application Server V8.5 lab Basic Liberty profile administration using the job manager Scenario You are a system administrator responsible for managing web application server installations.
More informationMarkLogic Server. Reference Application Architecture Guide. MarkLogic 8 February, 2015. Copyright 2015 MarkLogic Corporation. All rights reserved.
Reference Application Architecture Guide 1 MarkLogic 8 February, 2015 Last Revised: 8.0-1, February, 2015 Copyright 2015 MarkLogic Corporation. All rights reserved. Table of Contents Table of Contents
More information