Enterprise development security
Enterprise development security involves the use of software, hardware, and procedural methods to protect applications from external threats. Enterprise Java security measures built into applications and a sound application security routine minimize the likelihood that hackers will be able to manipulate applications and access, steal, modify, or delete sensitive enterprise data. Learn design techniques and how to design secure Java applications. Find best practices, examples and strategies for designing security into enterprise Java applications.
Will Java EE 8 adoption outpace previous releases?
17 Oct 2014
News - At JavaOne 2014, Barry Burd discussed how and why he's predicting a fast adoption of Java EE 8.
Mobile development teams may put corporate data security at risk
14 Dec 2012
News - Mobile app developers might be more responsible for mobile and corporate data security concerns than any other factor, including lost devices.
Designing and Architecting Tasks to Rule 2012
30 Dec 2011
News - The 2011 TSS Java Trends survey seems to indicate that overwhelmingly, designing and architecting tasks will rule with a whopping 70% of respondents indicating so. Coding entirely new apps jumped up to 39% as well. Seems that new apps are the new black...
OCPJP & OCAJP: Java 7 training requirement for the Oracle Certified Professional Programmer dropped
21 Dec 2011
News - In order to obtain the certified architect position from Oracle, attending and passing a training course is now required. But what about the Java Professional and Java Associate designations, OCPJP and OCAJP for Java 7?
OCAJP and OCPJP Changes for Java 7: New Objectives, a Format Change and a Price Hike
16 Dec 2011
News - The OCP (Oracle Certified Professional) Java 7 certification (OCAJP and OCPJP), which replaced the SCJP certification, will now require you to pass two exams, each of which will cost $300 to take, pushing the cost of the designation to $600.
New Cross-site Request Forgery Protection in Tomcat 7
TheServerSide Newsfeed | 25 May 2011
News - Cross-site request forgery (CSRF) is a security vulnerability that targets the trust sites put into a browser. A CSRF attack will trick a victim into making a malicious request which is granted based on the user's already authenticated credentials. Check...
How to do Security Testing with Business Transactions
TheServerSide Newsfeed | 06 May 2011
News - Plaintext secrets written to a log file are a well-known vulnerability. Once an intruder gains access to a hard disk they can easily comb through log files to further exploit the system. It’s a good idea to grep log files after your test run but that...
Are Java Web Applications Secure?
01 Jul 2008
Article - One of the most widespread beliefs about web applications is that most of them are insecure. This opinion is supported by statistics published by SANS, which show that almost half the vulnerabilities published during 2007 were related to web...
01 May 2007
Article - Learn more about OpenID, a decentralized, open source framework for user-centric digital identity. With OpenID, rather than managing all online accounts individually, users can manage their identity in one place via an authentication server.
Reusable Security for Segmented Data Domains
01 May 2006
Article - According to John C. Dale, MS MIS, president of Growing Business Solutions, for firms providing software development outsourcing services, the practice of software reuse can reduce overhead and increase margins. In this article, Dale discusses one way in...