Sponsors
  • Intel
  • Microsoft
  • Google
  • Sun Microsystems
  • BT
  • IBM
  • Yahoo! Inc.
  • Zimbra
  • Atlassian Software Systems
  • Disney
  • EnterpriseDB
  • Etelos
  • Ingres
  • JasperSoft
  • Kablink
  • Linagora
  • MindTouch
  • Mozilla Corporation
  • Novell, Inc.
  • Open Invention Network
  • OpSource
  • RightScale
  • Silicon Mechanics
  • Tenth Planet
  • Ticketmaster
  • Voiceroute
  • White Oak Technologies, Inc.
  • XAware
  • ZDNet

Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at the conference, contact Sharon Cordesse at scordesse@oreilly.com.

Media Partner Opportunities

Download the Media & Promotional Partner Brochure (PDF) for more information on trade opportunities with O'Reilly conferences, or contact mediapartners@oreilly.com.

Press and Media

For media-related inquiries, contact Maureen Jennings at maureen@oreilly.com.

OSCON Newsletter

To stay abreast of conference news and to receive email notification when registration opens, please sign up for the OSCON newsletter (login required).

Contact Us

View a complete list of OSCON 2008 Contacts

Securing Java Applications with OWASP's Enterprise Security API

Kevin Kenan (Lunar Logic)
11:35am Friday, 07/25/2008
Security
 Location: D139/140
Average rating: ***..
(3.50, 2 ratings)

While most developers have heard the saying “build security in,” doing so typically requires each team to build and maintain its own repository of security mechanisms. Not only is this risky and ad hoc, it is also very inefficient and costly. OWASP’s Enterprise Security API is a free and open collection of security methods that can be easily used and reused.

The cost savings through reduced development time, and the increased security due to using heavily analyzed and carefully designed security methods provide developers with a massive advantage over organizations that are trying to deal with security using existing ad hoc secure coding techniques. This API is designed to automatically and transparently take care of many aspects of application security.

This talk will discuss the various ESAPI modules including functionality for:

  • Authentication
  • Encryption
  • Validation
  • Encoding
  • Logging
  • Intrusion detection

Read more about ESAPI on OWASP’s ESAPI wiki page.

People planning to attend this session also want to see:

Kevin Kenan

Lunar Logic

Kevin Kenan is an information security consultant, author, and speaker based out of Eugene, Oregon. He is the author of Cryptography in the Database and is a former senior manager in Symantec’s Information Security department. He currently works as a security architect at Lunar Logic, and his experience includes professional roles in secure software and database development, cryptosystem design and implementation, and security architecture.

Kevin is a Certified Information Systems Security Professional (CISSP) and a Certified Information Privacy Professional (CIPP). He also holds certifications in COBiT and ITIL. Kevin graduated from the University of Oregon with a Bachelor of Science with Honors in Mathematics and a minor in Economics.

OSCON 2008