ApacheCon: Programm für Donnerstag, den 10. April 2008

Aufmacher News

Henrik Däschner
10.04.2008

Am zweiten Tag auf der ApacheCon gibt es auch wieder zahlreiche Programmpunkte rund um den freien Webserver. Das Linux-Magazin streamt heute kostenlos den Vortrag "Apache and Steam Engines: the magic of collaborative innovation" von Rishab Aiyer Ghosh, der um 11.30 Uhr beginnt. Die Vorträge finden in englischer Sprache statt.

Donnerstag, 10. April 2008 - Web Security

09:00 - 10:00

Hardening Enterprise Apache Installations Against Attacks
Sander Temme

Enterprise installations of Apache are particularly attractive targets for malicious attacks including Denial of Service, defacement, theft of data or service and installation of zombies or viruses. Hardening your deployment against such attacks calls for some special techniques and tactics. Come to this session to learn about attack detection techniques, server protection, secure deployment of multiple servers, configuration of firewall "demilitarized zones" and judicious use of SSL encryption.

10:00 - 11:00

Web Intrusion Detection with ModSecurity
Ivan Ristic

Intrusion detection is a well-known network security technique -- it introduces monitoring and correlation devices to networks, enabling administrators to monitor events and detect attacks and anomalies in real-time. Web intrusion detection does the same but it works on the HTTP level, making it suitable to deal with security issues in web applications. This session will start with an overview of web intrusion detection and web application firewalls, discussing where they belong in the overall protection strategy. The second part of the talk will discuss ModSecurity and its capabilities.

11:00 - 11:30 Coffee Break
11:30 - 12:30

Apache and Steam Engines: the magic of collaborative innovation
[Kostenloser Stream] Rishab Aiyer Ghosh

The phenomenal success of Apache and other open source software seems incredibly new, even revolutionary. Yet the collaborative creation of knowledge has gone on for as long as humans have been able to communicate. Rishab looks at collaborative model of creativity, from 18th century steam engines to the human genome project and discusses why and how collaborative creativity works. Using data from the FLOSS studies, he shows how this makes free software a continuing source of economic value and innovation around the world.

12:30 - 14:00 Lunch Break
14:00 - 15:00

Web Application Security With/Despite Web 2.0
Christian Wenz

Web 2.0 took the internet world by storm. Especially attackers welcome the new possibilities created by Ajax, the increased use of JavaScript, opening up applications via web services, and user generated content. This session shows common pitfalls with modern "Web 2.0" applications and help you to avoid becoming the next victim on the ever-growing list. Web security has not changed that much, but web applications have. Come to this (technology-agnostic) session to learn best practices for state-of-the-art websites.

15:00 - 16:00

Kerberos and Single Sign-on with HTTP
Joe Orton

Single sign-on is the holy grail of authentication; Kerberos is becoming the industry standard for network authentication. This presentation will look at current solutions for implementing enterpise-wide single sign-on for web sites using Kerberos and the Apache HTTP Server, including the "mod_auth_kerb" module. Some of the problems with these solutions will be discussed, and work on new approaches will be covered.

16:00 - 16:30 Coffee Break
16:30 - 17:30

Apache Triplesec: Strong (2-factor) Mobile Identity Management
Alex Karasulu

Identity management and security technologies dealing with multifactor authentication to deter phishing scams are in high demand. Triplesec combines the features of an identity management platform along with a strong (2-factor) authentication solution with a mobile key fob that runs on your cell phone. Triplesec is a hybrid server that will allow for 2-factor authentication, SSO, centralized authorization policy management and event auditing for meeting various regulatory standards. Using Triplesec we will show you how to enable 2-factor authentication in your applications using a cost effective mobile token that runs on any J2ME MIDP 1.0 compatible device.

17:30 - 18:30

Apache DS: Bringing "lightweight" to ldap development
Emmanuel Lecharny

Apache Directory Server (ApacheDS) is the ideal directory server for developing LDAP aware software. It is often very difficult to reproduce production environments during various phases the software development lifecycle. Embedding ApacheDS into your tests alleviates the pain of having to launch a full LDAP server beside your tests : you get it for free, unit and integration tests are then easy to write and run. This presentation will show you how to use ApacheDS in a development environment, and why it would be a good idea to use it in production as well.

Ähnliche Artikel

Kommentare

Aktuelle Fragen

PCLinuxOS Version 2014.08 "FullMonty" Umstellung auf deutsch
Karl-Heinz Welz, 19.12.2014 09:55, 3 Antworten
Hallo, liebe Community, ich bin 63 Jahre alt und möchte jetzt nach Jahrzehnten Windows zu Linux...
ICEauthority
Thomas Mann, 17.12.2014 14:49, 2 Antworten
Fehlermeldung beim Start von Linux Mint: Could not update ICEauthority file / home/user/.ICEauth...
Linux einrichten
Sigrid Bölke, 10.12.2014 10:46, 5 Antworten
Hallo, liebe Community, bin hier ganz neu,also entschuldigt,wenn ich hier falsch bin. Mein Prob...
Externe USB-Festplatte mit Ext4 formatiert, USB-Stick wird nicht mehr eingebunden
Wimpy *, 02.12.2014 16:31, 0 Antworten
Hallo, ich habe die externe USB-FP, die nur für Daten-Backup benutzt wird, mit dem YaST-Partition...
Steuern mit Linux
Siegfried Markner, 01.12.2014 11:56, 2 Antworten
Welches Linux eignet sich am besten für Steuerungen.