Jun 02 2010

Secure Development - Secure Storage

So you've locked down your user input validation, your authentication/access control, and even your error handling. What else could possibly go wrong? If you're not careful about what data you store and how you protect it, you can cause serious damage to your users or even be held legally responsible for data breaches.

Protecting the back-end storage of your application is just as important as locking down the front-end user interface and web server. Some of the most common mistakes include:


May 20 2010

Secure Development - Web Application Security Talk at RJUG

Last Wednesday, I spoke at the Richmond Java Users' Group (RJUG) about many of the same topics I've been covering in this blog, focusing mainly on the OWASP Top 10 vulnerabilities. I used some of the sandbox tools I introduced in my last post to do short demonstrations throughout the talk. I am attaching my slides to this post, which also include links to the tools I used for the demos (see the second-to-last slide).

Next time, I will continue the Top 10 series by talking about insecure storage issues.


May 19 2010

Integrating Spring into your Weblogic Portal

Switching out your Weblogic Page Flow Controllers in favor of Spring Controllers is easier than you might think. Here are just a few steps to help the integration.

Dependencies

The latest production release of Spring is version 3.0.2. In this version the release has been broken into about 20 different jar files. The libraries listed below are the ones you will need to include in the WEB-INF/lib directory of your project:


May 17 2010

Code Contracts Part 1 - Introduction

This blog post is part of a series concerning Microsoft Code Contracts. For a complete series directory, please refer to the following list. Articles without a link will be published soon.


May 13 2010

WebLogic Portal 10.x Solutions - Portal Admin Console Session Affinity

It is very common to put a WebLogic Portal cluster behind a web server or load balancer. Most implementations I have seen to date use either an F5, Apache Web Server, or a combination of the two to serve up the portal content. If you have also tried to access the Portal Admin Console through the web server, you have most likely experienced some sort of session affinity issue. I realize most IT shops will just access the Portal Admin Console through a specific combination of managed host and port. However, if you have any desire to access the Portal Admin Console through a web server or load balancer (especially for CMS functions or just a friendly URL), here is why the session affinity issue presents itself.

The Portal Admin Console was developed to use a non-standard cookie name. By default, WebLogic applications use the JSESSIONID cookie name to maintain the user session. However, the WebLogic Portal Admin Console uses a differe


Disclaimer

The words and opinions expressed here are those of each article's respective author, and do not necessarily represent the views of CapTech Ventures.