The Anatomy of a Secure Web Application in Java Using Spring Security and Apache Fortress

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, Java Courses, Apache Struts Courses, Authorization Courses, Web Application Security Courses, Role-Based Access Control (RBAC) Courses, Spring Security Courses

Course Description

Overview

Explore a comprehensive 35-minute technical session on building secure Java web applications using Spring Security and Apache Fortress. Dive into the Jakarta EE architecture and learn practical, hands-on techniques for implementing robust authentication, authorization, and confidentiality controls. Discover where to place security controls and why, with code examples to jumpstart your own highly secure Java web applications. Gain insights from industry experts Shawn McKinney and John Tumminaro as they demonstrate an end-to-end application security architecture for an Apache Wicket Web app running in Tomcat. Understand the importance of runtime Java security policies, ANSI RBAC INCITS 359 specification, and ABAC implementation. Walk through real-world examples, including role engineering samples and live demos of Apache Fortress, to enhance your understanding of secure web application development.

Syllabus

Objective
Intro
Recommendation
What's The Problem
Apache Struts Statement on Equifax Security Breach
The Solution (Take 2)
Employ a Runtime Java Security Policy
Not a Perfect Solution
The Deadbolt
The Security System
The Standards Journey
Use ANSI RBAC INCITS 359 Specification
Use RBAC Object Model
Apache Fortress Access Management SDK and Web Components
Use RBAC Functional Model
Example #3: Role Engineering Sample
Locks on the Rooms
Apache Fortress Demo
RBAC Policy Enhanced
Use ANSI RBAC & ABAC
Under the Hood
ABAC Demo
Questions


Taught by

OWASP Foundation