Welcome!


There's been a flurry of discussion this week among Internet and Web standards heavy-hitters around WebSocket, the new communications protocol supported in Chrome 4 and Safari 5. What was the main issue? Is there some kind of fundamental security vulnerability with the WS protocol? Web...
WebLogic Server Scripting Tool (WLST) provides powerful command-line capability for system administrators and developers to configure WebLogic server environments. However, its usage and adoption does not reach its full potential, seen at many working places, due to various reasons. Th...
I had a different name for this blog entry but just ‘Jump Drive’ is an awful blog title. They go by many names; jump drive, USB drive, flash drive, memory stick and a few others, but removable media is a serious threat to IT organizations. Graduating from floppy disks, as early as 20...
Joe McKendrick kicks off a thread on the current state of SOA Security. As usual, most discussion of SOA Security applies to "how SOA can be made secure". This is understandable. And, as some commentators have pointed out, there is a body of Best Practice out there on how to secure ser...
In some of the typical corporate Web application security deployments, users accessing a protected application are authenticated via enterprise identity/access management products, such as Netegrity's SiteMinder, IBM's WebSEAL, and Oblix's Oblix COREid. The authorization service, howev...