j2eepatterns-interest

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: Core J2EE Pattern Security Analysis emanuel petre Wed Mar 25 05:00:40 2009

Thank you for the document. I will read it.Very interesting initiative.

Emanuel 

--- On Mon, 3/23/09, Rohit Sethi <[EMAIL PROTECTED]> wrote:

> From: Rohit Sethi <[EMAIL PROTECTED]>
> Subject: Re: Core J2EE Pattern Security Analysis
> To: [EMAIL PROTECTED]
> Date: Monday, March 23, 2009, 10:13 PM
> Hi Frank,
> 
> I'm attaching our alpha release of the design pattern
> security
> analysis. Please do not re-distribute and I loook forward
> to any
> comments you have. I'll be sure to include your name in
> the
> acknowledgements as well
> 
> Thanks,
> 
> Rohit
> 
> On Fri, Dec 19, 2008 at 10:26 PM, Frank Zhao <[EMAIL PROTECTED]>
> wrote:
> > Hi Rohit,
> > Good initiative, I 'd like to be added to the list of
> "learning your works
> > prior to public release"
> > thanks &regards
> > Frank
> >
> > 2008/12/19 Rohit Lists <[EMAIL PROTECTED]>
> >>
> >> Hello,
> >>
> >> I'm working with a couple of colleagues on writing
> a white paper which
> >> analyzes the Core J2EE Patterns from a security
> perspective in an
> >> effort to help developers think about security in
> the design phase.
> >> Unlike the Core Security Patterns book, which does
> an excellent job of
> >> documenting new patterns on how to implement
> "security code" such as
> >> authentication and authorization, our analysis is
> attempting to
> >> analyze the existing Core J2EE Patterns for common
> web application
> >> security vulnerabilities such as those found in
> the OWASP Top 10.
> >>
> >> We'd like to create a freely availabile guide
> documenting a security
> >> analysis for each pattern. Ideally we'll include
> the diagrams from the
> >> patterns site and augment them with security
> annotations. I'd like to
> >> first clear this of any copyright issues. I've
> tried both email
> >> addresses on the site with no luck. Does anyone
> know whom I can
> >> contact within Sun to get the appropriate
> permission?
> >>
> >> Also if anyone is interested in reviewing this
> work prior to public
> >> please contact me.
> >>
> >> Thanks,
> >>
> >> --
> >> Rohit Sethi
> >> Security Compass
> >> http://www.securitycompass.com
> >>
> >>
> ====================================================================
> >> Companion Site: http://www.corej2eepatterns.com
> >> J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
> >> List Archive:
> >> http://archives.java.sun.com/archives/j2eepatterns-interest.html
> >> Unsubscribing: email "signoff
> J2EEPATTERNS-INTEREST" to
> >> [EMAIL PROTECTED]
> >
> >
> ====================================================================
> > Companion Site: http://www.corej2eepatterns.com J2EE BluePrints:
> > http://java.sun.com/blueprints/corej2eepatterns List
> Archive:
> > http://archives.java.sun.com/archives/j2eepatterns-interest.html
> > Unsubscribing: email "signoff J2EEPATTERNS-INTEREST"
> to
> > [EMAIL PROTECTED]
> 
> 
> 
> -- 
> Rohit Sethi
> Security Compass
> http://www.securitycompass.com
> 
> ====================================================================
> Companion Site: http://www.corej2eepatterns.com
> J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
> List Archive: http://archives.java.sun.com/archives/j2eepatterns-interest.html
> Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to [EMAIL PROTECTED]
> 


      

====================================================================
Companion Site: http://www.corej2eepatterns.com
J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
List Archive: http://archives.java.sun.com/archives/j2eepatterns-interest.html
Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to [EMAIL PROTECTED]