Web Security: Develop. Penetrate. Smile. – Matt Raible
Matt demonstrated how to “implement authentication in your Java web applications using Spring Security, Apache Shiro and good ol’ Java EE Container-Managed Authentication. You’ll also learn how to secure your REST API with OAuth and do it all securely with SSL.”
Nothing spectacular, but the usual mix of nice code and advice on how to avoid the most common pitfalls.
Some things to remember: Firewalls don’t protect a web application on their own, not even stateful ones that inspect the HTTP stream; the attacks arrive over the same port and protocol the firewall has to let through.
If you’re interested in web app security, you should have a look at OWASP. Right now, there are a lot of non-developers there. What we all desperately need are web frameworks that make it simpler to configure a web app securely than to configure it the “normal” way.