Security SIG: Building Secure Business Applications



  • Come and hear how a new technology, Enterprise Application Security Integration (EASI), enables end-to-end integration of security technologies for Web Services and other forms of distributed computing.



    Bret Hartman, Chief Technology Officer - Hitachi's Quadrasis Division

    JUST ADDED - An opening presentation by Chad Harrington and Romain Agostini from Entercept. Entercept makes Intrusion Prevention software that automatically protects against known and unknown penetration attacks.



    Presentation Overview

    Building Secure Business Applications

    The pervasive reach and platform-agnostic nature of Web Services demand a security framework that enables enterprises to secure and control access to applications and data, without impeding the exchange of data that is essential for successful Web Services.

    This fundamental shift toward interoperability, however, also presents daunting security challenges. In exposing critical business functions to the Internet, Web Services can expose valuable corporate data, applications and systems to a variety of threats.

    Businesses have made significant investments in the patchwork of security products they currently have in place. Executives have neither the budgets nor the desire to discard their current infrastructures. Fortunately, they don't have to. A new technology, Enterprise Application Security Integration (EASI), enables end-to-end integration of security technologies for Web Services and other forms of distributed computing.

    EASI employs security standards, such as Security Assertion Markup Language (SAML), to achieve this end-to-end interoperability. Information from one processing domain or tier is seamlessly passed to another using typical Web Services protocols. Once the information is received, EASI provides the tools to establish the user's security context within the current tier. EASI then makes it possible to use the security context with existing authorization engines, or to substitute other, more sophisticated authorization engines. Finally, EASI supports security auditing across domains and tiers to provide a complete, consolidated record of a transaction.

    Giga Information Group's Randy Heffner recently urged "...application architects to familiarize themselves with EASI concepts and technologies so that they can make conscious decisions about whether, when and where to pursue EASI adoption before finding application security holes the hard way."


    About the Presenters

    Bret Hartman

    Mr. Hartman has over twenty years of experience in information security and secure systems development. His expertise includes distributed component security, policy development and management, and security modeling and analysis. He is a nationally recognized expert on enterprise security, and he is a book author, regular speaker, and expert panelist on a variety of secure distributed system topics. He has been a long-time participant in Object Management Group (OMG) standards activities, and is a co-author of the CORBA security specification.

    Prior to his current position, Mr. Hartman was Vice President of e-Business Security Solutions at Concept Five Technologies, Inc., where he provided security architecture consulting to many enterprise clients in financial services, telecommunications, manufacturing, and retail. Prior to Concept Five, Mr. Hartman co-founded a venture for building security policy management tools and providing distributed object security consulting services. Mr. Hartman has defined security architectures for a number of commercial clients, including JavaSoft (Sun Microsystems), Tandem (Compaq), Iona, 3Com, General Motors, British Telecom, Home Depot, Sprint, State Street Bank, Wells Fargo Bank, Credit Suisse First Boston, Bank of America, and Deutsche Bank.

    Mr. Hartman received a Bachelor of Science degree from the Massachusetts Institute of Technology and a Master of Science degree from the University of Maryland.



    Based on patented technology, Entercept safeguards a server by evaluating requests to the operating system before they are processed, and rejecting malicious ones. By proactively blocking attacks, Entercept significantly decreases downtime, reduces security-related costs and protects critical assets. Unlike other security solutions, Entercept uses a combination of both behavioral rules and signatures to prevent both known and unknown attacks, rather than merely detecting and reporting them after they occur. Entercept also has a Web server version that shields Web servers and protects against HTTP attacks.


    Event Logistics


    Cubberley Community Center

    4000 Middlefield Road, Room H-1

    Palo Alto, CA


    6:30-7:00pm registration/networking/refreshments/pizza

    7:00-9:00pm presentation and discussion



    $15 for non-SDForum Members

    No charge for SDForum members and students with ID

    No registration required
