ApacheCon: Programme for Thursday, 10 April 2008

Henrik Däschner

The second day of ApacheCon again offers numerous programme items around the free web server. Today Linux-Magazin is streaming, free of charge, the talk "Apache and Steam Engines: the magic of collaborative innovation" by Rishab Aiyer Ghosh, which begins at 11:30. The talks are held in English.

Thursday, 10 April 2008 - Web Security

09:00 - 10:00

Hardening Enterprise Apache Installations Against Attacks
Sander Temme

Enterprise installations of Apache are particularly attractive targets for malicious attacks including Denial of Service, defacement, theft of data or service and installation of zombies or viruses. Hardening your deployment against such attacks calls for some special techniques and tactics. Come to this session to learn about attack detection techniques, server protection, secure deployment of multiple servers, configuration of firewall "demilitarized zones" and judicious use of SSL encryption.

10:00 - 11:00

Web Intrusion Detection with ModSecurity
Ivan Ristic

Intrusion detection is a well-known network security technique -- it introduces monitoring and correlation devices to networks, enabling administrators to monitor events and detect attacks and anomalies in real-time. Web intrusion detection does the same but it works on the HTTP level, making it suitable to deal with security issues in web applications. This session will start with an overview of web intrusion detection and web application firewalls, discussing where they belong in the overall protection strategy. The second part of the talk will discuss ModSecurity and its capabilities.

11:00 - 11:30 Coffee Break
11:30 - 12:30

Apache and Steam Engines: the magic of collaborative innovation
[Free stream] Rishab Aiyer Ghosh

The phenomenal success of Apache and other open source software seems incredibly new, even revolutionary. Yet the collaborative creation of knowledge has gone on for as long as humans have been able to communicate. Rishab looks at the collaborative model of creativity, from 18th century steam engines to the human genome project, and discusses why and how collaborative creativity works. Using data from the FLOSS studies, he shows how this makes free software a continuing source of economic value and innovation around the world.

12:30 - 14:00 Lunch Break
14:00 - 15:00

Web Application Security With/Despite Web 2.0
Christian Wenz

Web 2.0 took the internet world by storm. Especially attackers welcome the new possibilities created by Ajax, the increased use of JavaScript, opening up applications via web services, and user generated content. This session shows common pitfalls with modern "Web 2.0" applications and helps you to avoid becoming the next victim on the ever-growing list. Web security has not changed that much, but web applications have. Come to this (technology-agnostic) session to learn best practices for state-of-the-art websites.

15:00 - 16:00

Kerberos and Single Sign-on with HTTP
Joe Orton

Single sign-on is the holy grail of authentication; Kerberos is becoming the industry standard for network authentication. This presentation will look at current solutions for implementing enterprise-wide single sign-on for web sites using Kerberos and the Apache HTTP Server, including the "mod_auth_kerb" module. Some of the problems with these solutions will be discussed, and work on new approaches will be covered.

16:00 - 16:30 Coffee Break
16:30 - 17:30

Apache Triplesec: Strong (2-factor) Mobile Identity Management
Alex Karasulu

Identity management and security technologies dealing with multifactor authentication to deter phishing scams are in high demand. Triplesec combines the features of an identity management platform along with a strong (2-factor) authentication solution with a mobile key fob that runs on your cell phone. Triplesec is a hybrid server that will allow for 2-factor authentication, SSO, centralized authorization policy management and event auditing for meeting various regulatory standards. Using Triplesec we will show you how to enable 2-factor authentication in your applications using a cost effective mobile token that runs on any J2ME MIDP 1.0 compatible device.

17:30 - 18:30

Apache DS: Bringing "lightweight" to ldap development
Emmanuel Lecharny

Apache Directory Server (ApacheDS) is the ideal directory server for developing LDAP aware software. It is often very difficult to reproduce production environments during various phases of the software development lifecycle. Embedding ApacheDS into your tests alleviates the pain of having to launch a full LDAP server beside your tests: you get it for free, unit and integration tests are then easy to write and run. This presentation will show you how to use ApacheDS in a development environment, and why it would be a good idea to use it in production as well.

