This educational project analyzes the popular Core J2EE Patterns for security, aiming to highlight common pitfalls and proper ways to implement security within design patterns. The project, originally a white paper donated to OWASP by Security Compass, provides a mechanism for disseminating security advice, speaks to software designers in the language of design patterns, and helps security reviewers locate common security issues within Java EE applications. The current release consists of an initial write-up, with plans to add example source code, .Net pattern analysis, Enterprise Application Architecture pattern analysis, Enterprise Integration Patterns analysis, and emerging pattern analysis.
Security Analysis of the Core J2EE Patterns
Rohit Sethi, Security Compass, rohit@securitycompass.com
Education Project
Overview
• Project to analyze the popular Core J2EE Patterns for security
• Design-time activity aimed at pointing out common security pitfalls and proper ways to implement security within design patterns
• Originally a white paper, donated to OWASP by Security Compass
Objectives
• Provide a mechanism to disseminate security advice independent of the underlying framework (e.g. Struts, Spring, custom MVC, etc.)
• Speak to software designers in a language they understand and use to communicate design concepts (i.e. design patterns)
• Aid security reviewers in where to look within a large, complex Java EE application for common security issues
Status and Future Objectives
• Current release contains the initial write-up
• Currently soliciting additional security advice from the application security community
• Future objectives:
  • Add example source code
  • .Net pattern analysis
  • Fowler Patterns of Enterprise Application Architecture analysis
  • Enterprise Integration Patterns analysis
  • Emerging (e.g. Web 2.0) pattern analysis