How to Generate a Deployable REST CXF3 Application from a Swagger-Contract – Johannes Fiala
This talk will show how you can use Swagger-Codegen to generate a complete REST application using Apache CXF3 based on a Swagger contract and deploy it to application servers.
Features in the generated server stub include:
* Automatic operation validation using @Valid
* Using transparent gzipping of requests
First I’ll demo how to generate the applications and how they work in the container (Tomcat + JBoss EAP), showing how the features work there.
The talk will continue with how this is done using Mustache templates in Swagger-Codegen and how additional features can be added to the generator (e.g. adding forced Gzip support, enhancing test cases, adding additional configuration files, etc.).
Additionally the Swagger toolchain will be shown during the talk (Swagger UI, Swagger Editor, Swagger2Markup to generate PDFs).
Object Lessons: Deserialization After Apache Commons Collections – Tim Jarrett
It’s the biggest vulnerability of 2015 that didn’t get a brand name. The deserialization vulnerability in the Apache Commons Collections library also impacted the build server that powers most software developers and a half dozen other key pieces of the shared Java software infrastructure. But Java deserialization vulnerabilities are more widespread than you might guess.
This presentation reviews data from over 200,000 application security scans to help defenders better understand the risk of Java deserialization vulnerabilities. We look at vulnerability prevalence both overall and by industry vertical and the probability that your application has a similar vulnerability (hint: higher than you’d think). We’ll also look at real world guidance for setting security policies and coordinating with developers to get issues fixed across large numbers of applications.
How to Secure Apache Spark? – Neelesh Srinivas Salian
Security has been a crucial component of the Big Data ecosystem. The need to protect data from exploits and vulnerabilities is evident in the strong push for cybersecurity and secure clusters across businesses and industries alike. Spark itself has been a major analytic backbone of that infrastructure. Similar to the evolution of the security infrastructure on Hadoop, we see Spark growing as well. How does one ensure security with Spark without much hassle? This talk focuses on the steps that need to be taken for setup and discusses the potential issues on Spark Core, Streaming and other components that would follow. The speaker has been helping large enterprise customers set up their infrastructure and ensure it maintains a secure environment.
Improving your Apache Project’s Image and Brand – Shane Curcuru
Wondering what to do about the new BestHadoopNews.com website? Don’t know how to approach your employer’s marketing department about launching BigCo’s SuperLucene product? Want to ensure your great project community gets the credit you deserve for building great software? We’re here to help!
Dealing with third parties (or your boss!) improperly using your Apache project’s brand is a difficult topic. Find out about the PMC Branding Reporting Guidelines, and get step by step help with raising the issue. Learn about the kinds of uses of Apache project brands that are OK to allow, and the uses by hungry companies that can take control of the project away from the PMC. The strong independent reputation of your project and Apache overall relies on every PMC policing their own brand effectively and fairly. Learn how your PMC can improve your project’s reputation with Shane!
Secure by Default Web Application with Apache Sling – Robert Munteanu
A product that works is not done, as there are many facets to consider – availability, scalability, security. Of those, security is probably the most expensive to get wrong.
By analysing a simple web application built on top of Apache Sling and its threat model, we will review the main attack vectors and how they can be mitigated. You will see what the general approaches are and also how Apache Sling allows you to eliminate entire classes of vulnerabilities by using secure-by-default components. Although we will use Apache Sling for examples, previous knowledge of Sling or its components is not required.