It was a huge success - we were able to get more than 70 people to attend the event, while around 180 registered for the Colombo JUG, with just one month's notice...
I was in a panel discussion which talked about secure coding with Java - with Hiranya, Srinath and Amila.
Some key areas I would like to highlight here from what we focused on during the panel discussion:
- Security concerns in application development - authentication, authorization, integrity, non-repudiation, confidentiality - best practices to follow while designing a login method - exception shielding pattern.
- How does the Java security architecture address the above concerns? - JAAS, JGSS, Java Security Manager.
- What are the security concerns in a distributed environment?
- What are the common types of attacks, and their solutions? - Attacks like Cross-site Scripting, Session Hijacking, SQL Injection and Log Injection were demonstrated during the session.
- What are the security testing best practices? - OWASP
It was quite interesting and was nicely moderated by Senaka.
Some key points highlighted during this session:
- Oracle may not kill Java - but will look into the more commercial side of it by giving patches only to paying customers.
- Oracle's response time so far for critical Java security bugs is highly satisfactory.
- People were afraid when Oracle acquired MySQL, and they had every reason to kill MySQL, but they did not. Further, Oracle has contributed to improving the performance of MySQL.
- What will happen to J2ME? Most probably Android will kill J2ME.
- Java 7 adoption is still slow.
- No room for Java on iPad [iOS].
Need to thank everyone who contributed to the success of this event - especially WSO2, Dr. Sanjiva Weerawarana, Harindu, Hiranya and all other colleagues at WSO2.
Looking forward to the next Colombo JUG event sometime around late April...