Ken Sipe
Technology Director, Perficient, Inc. (PRFT)
Ken was the founder of CodeMentor, where he was the Chief Architect and Mentor, leading clients in the execution of RUP and Agile methodologies in the delivery of software solutions.
Ken has a deep need to be highly diversified. Ken often works with IT executives on high-level strategic roadmaps, currently geared around service-oriented architectures (SOA). Ken also likes to keep his hands "dirty" in the code, which has him regularly pairing or otherwise producing code. Ken is regularly requested by clients who know him to "rescue" projects, either through the streamlining of processes or the rapid production of code.
Presentations
- Security Code Review
- XSS-Proof
- Enterprise Security API library from OWASP
- Black Hat/ White Hat Security (TBA)
- Black Hat/ White Hat Security (1st workshop - Black Hat - Hacking)
- Black Hat/ White Hat Security (White Hat Section)
Security Code Review
Security concerns abound... According to Gartner, 75% of all attacks are at the web application tier. There has never been a more urgent time to understand the security concerns and how to apply solutions to our web applications.
This session will look through the details of threat modeling, who should do it, and how it fits into the software development life-cycle.
XSS-Proof
Companies have focused for years on solidifying the back-end infrastructure in defense against hacking attempts. Most companies, however, are forced to open up many ports, including port 80 (http), for users to access web applications among other resources. This has led to web attacks growing to be the #1 classification of hacker attacks today. In this space, Cross Site Scripting (XSS) is the #1 ranked vulnerability, affecting a large number of sites. This evolution requires that the understanding of securing an application move beyond sys admins and incorporate all aspects of system delivery for the protection of a system and system resources.
This session will detail what XSS is, including a large number of vectors of attack. We will review information from several OWASP development guides, along with code review tips when focused on XSS. An enabling aspect of XSS is AJAX and in particular JavaScript, for which we will focus on techniques and frameworks to help secure the DOM. Attendees will learn the techniques necessary to help XSS-Proof their web applications.
Enterprise Security API library from OWASP
When it comes to cross-cutting software concerns, we expect to have or build a common framework or utility to solve the problem. This concept is represented well in the Java world by the log4j framework, which abstracts the concern of logging, where it logs, and the management of logging. The one cross-cutting software concern which for most applications seems to be piecemeal is security. Security concerns include certification generation, SSL, protection from SQL Injection, protection from XSS, user authorization and authentication. Each of these separate concerns tends to have its own standards and libraries, leaving it as an exercise for the development team to cobble together a solution which covers multiple needs.... until now... Enterprise Security API library from OWASP.
This session will look at a number of security concerns and how the ESAPI library provides a unified solution for security. This includes authorization, authentication of services, encoding, encrypting, and validation. This session will discuss a number of issues which can be solved through standardizing on the open source Enterprise Security API.
Books
Spring Recipes: A Problem-Solution Approach, Second Edition
by Gary Mak, Daniel Rubio, and Josh Long
With over 3 Million users/developers, Spring Framework is the leading “out of the box” Java framework. Spring addresses and offers simple solutions for most aspects of your Java/Java EE application development, and guides you to use industry best practices to design and implement your applications.
The release of Spring Framework 3 has ushered in many improvements and new features. Spring Recipes: A Problem-Solution Approach, Second Edition continues upon the bestselling success of the previous edition but focuses on the latest Spring 3 features for building enterprise Java applications. This book provides elementary to advanced code recipes to account for the following, found in the new Spring 3:
- Spring fundamentals: Spring IoC container, Spring AOP/ AspectJ, and more
- Spring enterprise: Spring Java EE integration, Spring Integration, Spring Batch, jBPM with Spring, Spring Remoting, messaging, transactions, scaling using Terracotta and GridGain, and more.
- Spring web: Spring MVC, Spring Web Flow 2, Spring Roo, other dynamic scripting, integration with popular Grails Framework (and Groovy), REST/web services, and more.
This book guides you step by step through topics using complete and real-world code examples. Instead of abstract descriptions on complex concepts, you will find live examples in this book. When you start a new project, you can consider copying the code and configuration files from this book, and then modifying them for your needs. This can save you a great deal of work over creating a project from scratch!
What you’ll learn
- How to use the IoC container and the Spring application context to best effect.
- Spring’s AOP support, both classic and new Spring AOP, integrating Spring with AspectJ, and load-time weaving.
- Simplifying data access with Spring (JDBC, Hibernate, and JPA) and managing transactions both programmatically and declaratively.
- Spring’s support for remoting technologies (RMI, Hessian, Burlap, and HTTP Invoker), EJB, JMS, JMX, email, batch, scheduling, and scripting languages.
- Integrating legacy systems with Spring, building highly concurrent, grid-ready applications using GridGain and Terracotta Web Apps, and even creating cloud systems.
- Building modular services using OSGi with Spring DM and Spring Dynamic Modules and SpringSource dm Server.
- Delivering web applications with Spring Web Flow, Spring MVC, Spring Portals, Struts, JSF, DWR, the Grails framework, and more.
- Developing web services using Spring WS and REST; contract-last with XFire, and contract-first through Spring Web Services.
- Spring’s unit and integration testing support (on JUnit 3.8, JUnit 4, and TestNG).
- How to secure applications using Spring Security.
Who this book is for
This book is for Java developers who would like to rapidly gain hands-on experience with Java/Java EE development using the Spring framework. If you are already a developer using Spring in your projects, you can also use this book as a reference—you’ll find the code examples very useful.