Application security - the art of applications defending themselves -
represents an important line of defence in an overall in-depth security
strategy. Web applications that follow the Model-View-Controller (MVC)
architecture can, and should, have security implemented on all three layers.
Normally it's the controller component that handles page authorization in
MVC, the view layer that hides controls and information based on user
authorization, and the model that enforces the business rules and input
validation. However, it's up to the developer, based on an individual
security policy and the programming technology used, to decide where to put
security. Using pluggable validator components in JavaServer Faces (JSF), for
example, developers may decide to verify user inpu...

If you have evaluated AJAX (Asynchronous JavaScript and XML) for your next
Web application development project, then you probably have read or heard a
great deal about AJAX security concerns and the claim that AJAX increases the
attack surface for hackers. If you are a skilled security developer, you
might wonder whether the AJAX security problem originates in the technologies
involved o...