Prompted by James, I signed up a little while ago to the OWASP Bay Area chapter, keen to learn more about application security, both in hardening OpenSSO and Access Manager and in how those projects/products can contribute to securing applications. Well, whaddya know, the next meeting is a half-day Application Security Summit at the Microsoft facility in Mountain View next Wednesday, when I'll be out of town. Keen as I am to attend OWASP, I think the Jazoon folks would be a little upset if I didn't show up for my session on OpenSSO, so I'll have to be content with encouraging folks in the Bay Area to attend - all the details are here and, apparently, space is limited, so if you're interested, sign up now!




James:
GM is asking for Sun's solution and progress in defining solutions for OWASP for J2EE applications. Can you share more information on how OpenSSO Enterprise 8 is addressing OWASP vulnerabilities?
Thanks,
m2
Posted by Mark Moody on October 06, 2008 at 07:46 AM PDT #
Hi Mark,
I assume you meant to address me (Pat) instead of James :-)
As it happens, we've just appointed an architect on the OpenSSO team to oversee security issues - watch Rajeev's blog - http://blogs.sun.com/rangal/ - for more on the topic.
While OWASP has some relevance to OpenSSO's security (as OpenSSO is itself a Web application), and OpenSSO can help make apps more secure in enforcing access management policy, as far as I can see, the main lesson from OWASP is that you CAN'T sprinkle on magic security dust - you still have to secure your Web app.
Posted by Pat Patterson on October 06, 2008 at 08:15 AM PDT #