sling | FeatherCast

Secure by Default Web Application with Apache Sling – Robert Munteanu

A product that works is not done, as there are many facets to consider – availability, scalability, security. Of those, security is probably the most expensive to get wrong.

By analysing a simple web application built on top of Apache Sling and its threat model, we will review the main attack vectors and how they can be mitigated. You will see what the general approaches are and also how Apache Sling allows you to eliminate entire classes of vulnerabilities by using secure-by-default components. Although we will use Apache Sling for examples, previous knowledge of Sling or its components is not required.

More about this session

Effective Web Application Development with Apache Sling – Robert Munteanu

Apache Sling is an innovative web framework built on top of the Java Content Repository (JCR), that uses OSGi for its component model and fosters RESTful application design. This talk shows how Sling integrates various standard-based technologies, like OSGi and the Content Repository API for Java to create a coherent framework for web application development. We will walk through the development of a simple application with minimal effort and demonstrate how to productize the resulting application. We will pay special attention to some approaches which are not yet part of mainstream development, such as using OSGi for dependecy injection and JCR for persistence.