Parleys.com

Although Java offers some great security 'features', this talk will handle the lack of 'build in' security when you develop your web applications.

Security is not an on/off button or parameter you activate for your deployment!

Some real world hacks will be demonstrated to show how easy it is to break the confidentiality or integrity of your data and how easy it is to break you web application!

To finish off in a positive note: it IS possible to do it the right way.

Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.

OWASP tools and methodologies such as OWASP Java security, source code security review and the enterprise security provide developers with a massive advantage over organizations that are trying to deal with security using existing ad hoc secure coding techniques.

Although Java offers some great security 'features', this talk will handle the lack of 'build in' security when you develop your web applications.

Security is not an on/off button or parameter you activate for your deployment!

Some real world hacks will be demonstrated to show how easy it is to break the confidentiality or integrity of your data and how easy it is to break you web application!

To finish off in a positive note: it IS possible to do it the right way.

Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.

OWASP tools and methodologies such as OWASP Java security, source code security review and the enterprise security provide developers with a massive advantage over organizations that are trying to deal with security using existing ad hoc secure coding techniques.

If you're a Java web developer, you're certainly familiar with monolithic WAR
deployments and library bloat, and you've probably thought numerous times,
"There must be a better way." Well, there is! By building on the benefits of an
OSGi runtime environment and combining the Spring and Spring-DM
programming models, the SpringSource Application Platform offers enterprise web
developers exciting new opportunities. This session will focus on developing web
applications in an OSGi environment and will include a discussion of the migration
path from a standard Java EE WAR to a fully OSGi-enabled web application
packaged as a Web Module within a PAR. We will begin with an overview of
deployment and packaging options available on the Platform and then take a
closer look at each supported web deployment model from Standard WARs to
Shared Libraries WARs, Shared Services WARs, and finally Web Modules.
Attendees will walk away with a solid understanding of how to both develop and
deploy next generation web applications on the S2AP.

The process of estimating size, time, effort, etc., is fundamental for the success of every software project. Unfortunately, it is often the case that the stakeholders (including project managers, developers, and users) don't know how to do it properly, and everybody ends up working against the clock to meet impossible targets, getting poor software late as a result. After a short introduction in which I'll present what can and should be estimated (e.g., time, size, effort, cost, etc.), I'll focus on what is necessary to get started with some simple, but very effective techniques.

One-size-fit-all fits nothing! Just one kind of AOP won't fit all applications, either.
Therefore, there are many choices available when using Spring-AspectJ
combination. First, there is a choice about AOP system: proxy-based AOP or
bytecode-based AOP. Then there is a syntax choice: traditional AspectJ,
@AspectJ, and XML syntax. Within bytecode-based weaving, there are weaving
choices: build time weaver or load-time weaver (LTW). If you choose LTW, you
have further choices of AspectJ agent-driven or Spring-driven LTW. Confused?
Don't be. These choices, while confusing at first, exists for a reason. This session
explores all these choices and provides guideline on choosing the right
combination to make you successful with AOP.

See Adobe's vision of the future of RIAs. We'll discuss the importance of high-quality design and the tight communication required between designers and developers to build truly compelling applications, including how to make the tools that each prefer interoperate. Finally we'll discuss features and changes expected in Adobe's product line up, like the next version of Flex (code name Gumbo)..

During this relaxed SpringOne'08 keynote Adrian Colyer gives a high level overview of what's next for the Spring Platform, followed by an interesting demo by Rob Harrop covering the new dynamic Spring OSGi services

Ajax has the power to make your applications satisfying and beautiful or painful and frustrating. This talk shows how Dojo can help you create amazingly beautiful user experiences and how DWR brings the beauty to Java by making Java and JavaScript work well together.

Both Dojo and DWR have changed a lot in the last 2 years. Dojo now has a theming system, many new widgets, and great documentation. DWR can now synchronize data between the server and multiple clients, you can implement Java interfaces with JavaScript, and call both ways between Java and JavaScript.