Java Web Application Security: Develop. Penetrate. Protect. Relax.

About this Presentation

In this session, you'll learn how to implement authentication in your Java web applications using Spring Security, Apache Shiro and good ol' Java EE 6 Container Managed Authentication. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.

After learning how to develop authentication, I'll introduce you to OWASP, the OWASP Top 10, its Testing Guide and its Code Review Guide. From there, I'll discuss using Zed Attack Proxy to verify your app is secure and commercial tools like webapp firewalls and accelerators.