Blogs

View all Blogs >>

Cal Evans

Editor of DevZone for Zend Technologies, Inc.

Dear Reader, [Disclaimer: The views expressed in this post are mine, go get your own.] I’ve just returned from »
Richard Monson-Haefel

VP of Developer Relations, Curl Inc.

»
Howard Lewis Ship

Creator of Tapestry and HiveMind

Looks like 5.0.16 will not be the final release, there will be a very modest 5.0.l7 that addresses a couple of annoyances that didn't have... »
Josh Holmes

Microsoft Architect Evangelist based in Michigan...

»
Aaron Gustafson

Principal - Easy! Designs, LLC

Am erican Airlines Debuts Mobile Boa »
Neal Ford

Application Architect at ThoughtWorks, Inc.

One of the techniques I »
Shashank Tiwari

Chief Technologist at Saven Technologies

»
Brad Abrams

Group Program Manager for the Atlas Team at Microsoft

Ccontinuing in our weekly blog post series that hig »
Nathaniel Schutta

Author, speaker, software engineer focused on user interface design.

Today we learned something important, the NTSB announced the »
Stuart Halloway

CEO of Relevance

I will be bringing »
Ludovic Champenois

Technology Director/Senior Architect @ Sun Microsystems

Are you sure GlassFish v3 Prelude is OSGi compliant? Can it run on top of Eclipse Equinox? Prove it... »
Alex Russell

Project Lead, Dojo Toolkit & Director of R&D, SitePen

Contents after the jump due to the political (and highly contentious) nature of the content. A couple of »
Greg Wilkins

Lead Developer of the Jetty Open Source Servlet Server

Valery Silaev has pointed me to an article on flex.sys-con.com that demonstrates how the asynchro »
Bob Ippolito

Creator of Mochikit

simplejson ( »
Venkat Subramaniam

Founder of Agile Developer, Inc.

I wrote a four part article for Java World on creating DSLs in Java and Groovy. For your convenience, I decided to list the links to those... »
Jason Harwig

Senior Software Engineer at Near Infinity

The most popular entry I've written at Near Infinity has been the »
Bruce Johnson

Tech Lead of the Google Web Toolkit (GWT)

li { margin-top: 0.5em } We're happy — no, ecstatic — to announce that GWT 1.5 is now officially released and availab »
Aza Raskin

President and Co-founder of Humanized

What would the web be like if you could tell it what you want to do as easily as you currently tell it where you want to go? »
Keith Donald

Lead of Spring Web and Creator of Spring Web Flow

I am pleased to announce that Developing Rich Web Applications with Spring, a three-day bootcamp lead by SpringSource engineers on web... »
Ryan Breen

Vice President of Technology at Gomez

There’s been so much going on in the performance space lately that I’ve been snowed under. It’s difficult to know where to... »
Sean Kane

Director, User Interface Engineering at Netflix

The top ranking update on Apple’s About the Mac OS X 10.5.3 »
Ron Bodkin

Chief Software Architect, Quantcast

I'm looking forward to speaking at The Rich Web Experience conference in San Jose next month. The event runs from September 7th through 9th.... »
Etienne Studer

Sr. Java Developer @ Navis

TeamCity provides a widget that displays the status of a given build configuration in an arbitrar »
Scott Davis

Author of "Groovy Recipes" & TDD Expert

Every time I see a live show at the Denver Botanic »
Thomas Fuchs

Creator of Script.aculo.us

Prototype needs your documentation skills—a new super-cool documentation site is in the making, and »
David Geary

Author of Graphic Java and co-author of Core JSF

The 2006 NFJS tour kicked off t »
Molly Holzschlag

Co-author of "The Zen of CSS Design"

During a session this week at the fantastic MexicoWeb2.0, an attendee asked me if I had any recommended process for working with Web... »
Bill Scott

Creator of Rico & Ajax Evangelist at Yahoo!

<a onblur="try {parent.deselectBloggerImageGracefu lly();} catch(e) {}" href="http://1.bp.blogspot.com/_Lbt... »

In the Spotlight - Roman Hustad

Roman Hustad

Software Security Consultant at Foundstone

Roman is a Principal Software Security Consultant at Foundstone, a small division of McAfee that provides security assessment, training, and software design services to corporate and government organizations around the world. After spending most of his life building software, now he figures out ways to break it through penetration testing, threat modeling, and code review. On the proactive side, he leads software design sessions, teaches Java security courses, and participates in the Hacme Books open-source project. In his ever-dwindling spare time Roman enjoys mountaineering, scuba diving, and other outdoor pursuits.

Presentations by Roman Hustad

Web Application Hacking

See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery. "

Security Challenges - Ajax Applications

In this seminar we'll examine the security concerns around Ajax applications, how they are exploited and how developers can mitigate the risks to their applications. Ajax security begins with a discussion of the Same Origin Policy (SOP) of JavaScript, this is one of the key security features of JavaScript. Next, we'll examine authentication and authorization concerns with Ajax and how the developer can avoid common pitfalls.

"