March 27, 2017
At ApacheCon Miami, Shawn McKinney will give a talk on the anatomy of web application security.
In this interview, he talks about what he’ll be presenting, and who should attend.
Register today for ApacheCon, and save $200 on your admission cost.
February 10, 2017
Implementing Security in Apache Geode Using Apache Shiro – Jinmei Liao
Apache Geode (incubating) is a distributed in-memory data grid built for high-throughput, low-latency applications. Data stored in a Geode cluster can be accessed by Geode clients (which talk to the server over TCP) and over the REST API. One can also manage the Geode cluster over JMX and the REST API.
Although you could secure the transport using SSL, role-based access control existed only for clients over TCP. In the latest release of Apache Geode, we now have role-based access control for all Geode APIs, and we used Apache Shiro for our implementation. In this talk we will provide details on how this was accomplished and present our “lessons learned”.
February 10, 2017
How to Secure Apache Spark? – Neelesh Srinivas Salian
Security has been a crucial component of the Big Data ecosystem. The need to protect data from exploits and vulnerabilities is evident in the strong push for cybersecurity and secure clusters across businesses and industries alike. Spark itself has been a major analytic backbone of that infrastructure. Similar to the evolution of the security infrastructure on Hadoop, we see Spark growing as well. How does one ensure security with Spark without much hassle? This talk focuses on the steps that need to be taken to set it up and discusses the potential issues on Spark Core, Streaming and the other components that would follow. The speaker has been helping large enterprise customers set up their infrastructure and ensure it maintains a secure environment.
February 10, 2017
Secure by Default Web Application with Apache Sling – Robert Munteanu
A product that works is not done, as there are many facets to consider – availability, scalability, security. Of those, security is probably the most expensive to get wrong.
By analysing a simple web application built on top of Apache Sling and its threat model, we will review the main attack vectors and how they can be mitigated. You will see what the general approaches are and also how Apache Sling allows you to eliminate entire classes of vulnerabilities by using secure-by-default components. Although we will use Apache Sling for examples, previous knowledge of Sling or its components is not required.
January 23, 2017
Attacking a Big Data Developer – Olaf Flebbe
Developers are a possible attack vector for targeted attacks to infiltrate malicious code into enterprises.
The speaker did a network traffic analysis with the Bro Network Security Monitor (bro.org) backed by an ELK Stack while compiling Apache Bigtop, a Big Data distribution containing Apache Hadoop, Spark, HBase, Hive, Flink et al.
While there are no obvious traces of malicious code within the traffic, there are many findings of possible attack vectors, like insecurely configured critical software infrastructure servers, usage of private repositories, or insecure protocols.
The analysis showed that many compile jobs are downloading and running executables from untrusted sources. The author will briefly explain how these weaknesses can be exploited and will give recommendations on how to resolve these issues.
May 20, 2016
ApacheCon NA 2016, Vancouver
Thursday, Georgia A
TLS State of the Union – Sander Temme
May 20, 2016
ApacheCon NA 2016, Vancouver
Friday, Georgia B
The new threat landscape of open-source security – Mark Curphy