ApacheCon: Program for Thursday, April 10, 2008
The second day of ApacheCon again offers numerous sessions on the free web server. Today Linux-Magazin is streaming, free of charge, the talk "Apache and Steam Engines: the magic of collaborative innovation" by Rishab Aiyer Ghosh, which begins at 11:30. The talks are held in English.
Thursday, April 10, 2008 - Web Security
|09:00 - 10:00||
Hardening Enterprise Apache Installations Against Attacks
Enterprise installations of Apache are particularly attractive targets for malicious attacks including Denial of Service, defacement, theft of data or service and installation of zombies or viruses. Hardening your deployment against such attacks calls for some special techniques and tactics. Come to this session to learn about attack detection techniques, server protection, secure deployment of multiple servers, configuration of firewall "demilitarized zones" and judicious use of SSL encryption.
|10:00 - 11:00||
Web Intrusion Detection with ModSecurity
Intrusion detection is a well-known network security technique -- it introduces monitoring and correlation devices to networks, enabling administrators to monitor events and detect attacks and anomalies in real-time. Web intrusion detection does the same but it works on the HTTP level, making it suitable to deal with security issues in web applications. This session will start with an overview of web intrusion detection and web application firewalls, discussing where they belong in the overall protection strategy. The second part of the talk will discuss ModSecurity and its capabilities.
|11:00 - 11:30||Coffee Break|
|11:30 - 12:30||
Apache and Steam Engines: the magic of collaborative innovation
The phenomenal success of Apache and other open source software seems incredibly new, even revolutionary. Yet the collaborative creation of knowledge has gone on for as long as humans have been able to communicate. Rishab looks at the collaborative model of creativity, from 18th century steam engines to the human genome project, and discusses why and how collaborative creativity works. Using data from the FLOSS studies, he shows how this makes free software a continuing source of economic value and innovation around the world.
|12:30 - 14:00||Lunch Break|
|14:00 - 15:00||
Web Application Security With/Despite Web 2.0
|15:00 - 16:00||
Kerberos and Single Sign-on with HTTP
Single sign-on is the holy grail of authentication; Kerberos is becoming the industry standard for network authentication. This presentation will look at current solutions for implementing enterprise-wide single sign-on for web sites using Kerberos and the Apache HTTP Server, including the "mod_auth_kerb" module. Some of the problems with these solutions will be discussed, and work on new approaches will be covered.
|16:00 - 16:30||Coffee Break|
|16:30 - 17:30||
Apache Triplesec: Strong (2-factor) Mobile Identity Management
Identity management and security technologies dealing with multifactor authentication to deter phishing scams are in high demand. Triplesec combines the features of an identity management platform along with a strong (2-factor) authentication solution with a mobile key fob that runs on your cell phone. Triplesec is a hybrid server that will allow for 2-factor authentication, SSO, centralized authorization policy management and event auditing for meeting various regulatory standards. Using Triplesec we will show you how to enable 2-factor authentication in your applications using a cost effective mobile token that runs on any J2ME MIDP 1.0 compatible device.
|17:30 - 18:30||
Apache DS: Bringing "lightweight" to LDAP development
Apache Directory Server (ApacheDS) is the ideal directory server for developing LDAP-aware software. It is often very difficult to reproduce production environments during various phases of the software development lifecycle. Embedding ApacheDS into your tests alleviates the pain of having to launch a full LDAP server beside your tests: you get it for free, and unit and integration tests are then easy to write and run. This presentation will show you how to use ApacheDS in a development environment, and why it would be a good idea to use it in production as well.