Securing the Core JEE Patterns

The presentation

The demand to integrate security into early development activities has accelerated in recent years. The Core J2EE Design Patterns and their associated implementation strategies are an ideal platform for dispensing application-security advice because of their ubiquity and established popularity within the development lifecycle. While developers can find documentation on how to implement dedicated security patterns, relatively little work has addressed how to build security into existing, established design patterns. Join us for this interactive presentation as we analyze a sampling of the original twenty-one Core J2EE Patterns from a security perspective, examining patterns from the presentation, business and integration tiers. Our goal is that developers will reference this material when designing JEE applications that use these patterns, or frameworks that are based on them.

The speaker

Rohit Sethi, Director of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several national conferences. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security by ITWorldCanada and Computer World. At Security Compass, Rohit teaches hundreds of students various topics in web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.

Krishna Raja is an Application Security Consultant with an extensive background in J2EE application development. He has performed comprehensive security assessments for various clients, involving threat analysis, source code inspection and runtime penetration testing. Mr. Raja has also been instrumental in the development and delivery of Security Compass' training curriculum. He has developed and taught courses in Exploiting and Defending Web Applications, Application Security Awareness and Advanced Application Attacks to architects, project managers and developers across Canada and the United States. Krishna is an emerging speaker at information security conferences, and last year spoke at Source Boston 2008 and the ISSA Secure SD Symposium.