Aufmacher News

ApacheCon: Programm für Donnerstag, den 10. April 2008

Henrik Däschner

Am zweiten Tag auf der ApacheCon gibt es auch wieder zahlreiche Programmpunkte rund um den freien Webserver. Das Linux-Magazin streamt heute kostenlos den Vortrag "Apache and Steam Engines: the magic of collaborative innovation" von Rishab Aiyer Ghosh, der um 11.30 Uhr beginnt. Die Vorträge finden in englischer Sprache statt.

Donnerstag, 10. April 2008 - Web Security

09:00 - 10:00

Hardening Enterprise Apache Installations Against Attacks
Sander Temme

Enterprise installations of Apache are particularly attractive targets for malicious attacks including Denial of Service, defacement, theft of data or service and installation of zombies or viruses. Hardening your deployment against such attacks calls for some special techniques and tactics. Come to this session to learn about attack detection techniques, server protection, secure deployment of multiple servers, configuration of firewall "demilitarized zones" and judicious use of SSL encryption.

10:00 - 11:00

Web Intrusion Detection with ModSecurity
Ivan Ristic

Intrusion detection is a well-known network security technique -- it introduces monitoring and correlation devices to networks, enabling administrators to monitor events and detect attacks and anomalies in real-time. Web intrusion detection does the same but it works on the HTTP level, making it suitable to deal with security issues in web applications. This session will start with an overview of web intrusion detection and web application firewalls, discussing where they belong in the overall protection strategy. The second part of the talk will discuss ModSecurity and its capabilities.

11:00 - 11:30 Coffee Break
11:30 - 12:30

Apache and Steam Engines: the magic of collaborative innovation
[Kostenloser Stream] Rishab Aiyer Ghosh

The phenomenal success of Apache and other open source software seems incredibly new, even revolutionary. Yet the collaborative creation of knowledge has gone on for as long as humans have been able to communicate. Rishab looks at collaborative model of creativity, from 18th century steam engines to the human genome project and discusses why and how collaborative creativity works. Using data from the FLOSS studies, he shows how this makes free software a continuing source of economic value and innovation around the world.

12:30 - 14:00 Lunch Break
14:00 - 15:00

Web Application Security With/Despite Web 2.0
Christian Wenz

Web 2.0 took the internet world by storm. Especially attackers welcome the new possibilities created by Ajax, the increased use of JavaScript, opening up applications via web services, and user generated content. This session shows common pitfalls with modern "Web 2.0" applications and help you to avoid becoming the next victim on the ever-growing list. Web security has not changed that much, but web applications have. Come to this (technology-agnostic) session to learn best practices for state-of-the-art websites.

15:00 - 16:00

Kerberos and Single Sign-on with HTTP
Joe Orton

Single sign-on is the holy grail of authentication; Kerberos is becoming the industry standard for network authentication. This presentation will look at current solutions for implementing enterpise-wide single sign-on for web sites using Kerberos and the Apache HTTP Server, including the "mod_auth_kerb" module. Some of the problems with these solutions will be discussed, and work on new approaches will be covered.

16:00 - 16:30 Coffee Break
16:30 - 17:30

Apache Triplesec: Strong (2-factor) Mobile Identity Management
Alex Karasulu

Identity management and security technologies dealing with multifactor authentication to deter phishing scams are in high demand. Triplesec combines the features of an identity management platform along with a strong (2-factor) authentication solution with a mobile key fob that runs on your cell phone. Triplesec is a hybrid server that will allow for 2-factor authentication, SSO, centralized authorization policy management and event auditing for meeting various regulatory standards. Using Triplesec we will show you how to enable 2-factor authentication in your applications using a cost effective mobile token that runs on any J2ME MIDP 1.0 compatible device.

17:30 - 18:30

Apache DS: Bringing "lightweight" to ldap development
Emmanuel Lecharny

Apache Directory Server (ApacheDS) is the ideal directory server for developing LDAP aware software. It is often very difficult to reproduce production environments during various phases the software development lifecycle. Embedding ApacheDS into your tests alleviates the pain of having to launch a full LDAP server beside your tests : you get it for free, unit and integration tests are then easy to write and run. This presentation will show you how to use ApacheDS in a development environment, and why it would be a good idea to use it in production as well.

Ähnliche Artikel


Aktuelle Fragen

WLan mit altem Notebook funktioniert nicht mehr
Stefan Jahn, 22.08.2017 15:13, 0 Antworten
Ich habe ein altes Compaq-6710b Notebook mit Linux Mint Sonya bei dem WLan neulich noch funktioni...
Würde gerne im Tor-Browser benutzen, oder zu gefährlich?
Wimpy *, 21.08.2017 13:24, 1 Antworten
Im Tor-Netzwerk (Tor-Browser) kann ich nicht nutzen....
Samsung VG-KBD1500 - Bluetooth-Tastatur mit Touchpad mit Xubuntu 16.04.2 LTS
Linux- & BSD-UserGroup im Weserbergland, 16.08.2017 19:16, 0 Antworten
Bin grad mit "meinem Latein am Ende" darum hier mal so in den Raum geworfen. Samsung VG-KBD1500 -...
Tails verbindet nicht mit WLan
Georg Vogel, 30.07.2017 15:06, 5 Antworten
Hallo zusammen! Habe mir von Linux Mint aus einen Tails USB-Stick erstellt. Läuft soweit gut,...
Genivi for Raspberry Pi 3
Sebastian Ortmanns, 28.07.2017 10:37, 1 Antworten
I try to build a Genivi Development Platform for Rasberry Pi 3. But I always get the failures bel...