Public Report
Report From: Conference/US/2006/General
Report #: 32342    Status: Open
Service-oriented Architectures: How to be Open and Secure by Brent Carlson
Project: Conference    Build #: No
Version: 1    Submitted By: Christine Ellis
Report Type: Suggestion / Enhancement Request    Date Reported: 8/7/2006 3:16:06 PM
Severity: Infrequently encountered problem    Last Updated: 8/28/2006 1:33:50 PM
Platform: All platforms    Internal Tracking #:
Resolution: None    Resolved in Build: None
Duplicate of: None
Voting and Rating
Overall Rating: 3.67 out of 5 (3 Total Ratings)
Total Votes: None
Description
Service-oriented Architectures: How to be Open and Secure by Brent Carlson
TYPE: Regular Session
LEVEL: All
PREREQUISITES: none
ABSTRACT: Service-oriented architectures (SOAs) have become mainstream in the past year because they deliver business agility and flexibility through integration, productivity and software reuse. The Web services framework enables composite applications that apply service-oriented architecture (SOA) design practices, creating more cost-effective distributed architectures. As enterprises adopt SOA, they open their systems, enabling greater agility and easier integration.

But enterprise architects must also protect these systems from intentional or inadvertent threats; security concerns have stymied many SOA and Web services implementations. Whether the applications are a new generation built on Web services or legacy systems, application security is a critical issue. To implement secure SOAs, organizations need to focus both on external security measures and on practices for internal, application-level security. To address internal security issues, IT organizations need to adopt best practices for application testing and quality assurance. One essential way to address many security issues is thorough code review. In addition to time-intensive manual review of code, tools exist that automate the code review process.

LogicLibrary's Logiscan offers robust security testing early in the software development lifecycle (SDLC) by providing automated security analysis of an application and its modules. It complements runtime testing and expert visual review of source code by automating a large portion of the tedious tasks required for effective security testing. What makes Logiscan unique is its ability to analyze native binary code. Currently, Logiscan analyzes Windows and Linux binaries for the Intel x86 hardware platform, with a focus on C/C++-oriented vulnerabilities. Support for Java, SPARC, MIPS and .NET-based binaries on the Linux, Solaris, Windows and Windows CE platforms (where applicable) will be added later.

We're going to take a look at how Logiscan simplifies the task of security testing. After installation, users simply submit binary files to Logiscan through its Web interface. Searching for errors in buffer iterations, insecure C library calls, buffer overflows, format strings, poor randomness and signed/unsigned conversions, Logiscan scans most programs at a rate of 1 MB per minute; particularly complex programs may take longer. Logiscan's simplicity lets you be up and running, and scanning binary code, in as little as ten minutes after installation, and the software provides a number of immediate, quantifiable benefits:

• Dramatic time savings by eliminating time-intensive line-by-line manual testing of the source code.
• Immediate return on investment, since Logiscan provides results similar to source code testing at a fraction of the cost, yet performs this critical QA function far faster.
• By identifying code vulnerabilities before deployment, Logiscan saves countless hours and costs.
• Consistent, measurable results that are repeatable.
• The ability to conduct more frequent security reviews, as often as daily during an automated build, further reducing opportunities for errors and vulnerabilities to slip through the cracks.
• De facto training and skill-building for developers, since Logiscan's online feedback and embedded remediation training help foster best coding practices.
• Verification that your developers and vendors are following security standards and practices.
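The abstract lists signed/unsigned conversions among the bug classes a binary scanner looks for. The following is an added illustration, not code from the session or from LogicLibrary: a length check written the vulnerable way beside its hardened form, using a hypothetical record format (a 32-bit little-endian signed length followed by payload bytes) and constructed sample records. The vulnerable function deliberately does not perform the copy; it only reports the byte count memcpy would have been handed.

```c
/* Added example (not from the session or LogicLibrary): the signed/unsigned
 * conversion class, shown as a vulnerable length check beside its hardened
 * form. The record layout, function names and sample data are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 64

/* Read a 32-bit little-endian length field. Many wire formats declare such
 * fields signed, which is where the trouble starts. */
static int32_t read_le32(const uint8_t *p) {
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    int32_t v;
    memcpy(&v, &u, sizeof v);   /* well-defined two's-complement reinterpretation */
    return v;
}

/* Vulnerable check: `len > PAYLOAD_MAX` compares two ints, so a negative
 * length passes. memcpy takes size_t, and (size_t)-1 is SIZE_MAX, which
 * would run far past the destination buffer. To keep the demo safe no copy
 * is made; *copy_len receives the count memcpy would have been given.
 * Returns true if the record was accepted. */
bool unsafe_accept(const uint8_t *rec, size_t rec_len, size_t *copy_len) {
    if (rec_len < 4) return false;
    int32_t len = read_le32(rec);
    if (len > PAYLOAD_MAX) return false;   /* -1 > 64 is false: accepted */
    *copy_len = (size_t)len;               /* implicit sign-to-size conversion */
    return true;
}

/* Hardened check: reject negative lengths before any conversion, then bound
 * the length by both the destination size and the bytes actually present. */
bool safe_accept(const uint8_t *rec, size_t rec_len,
                 uint8_t out[PAYLOAD_MAX], size_t *copy_len) {
    if (rec_len < 4) return false;
    int32_t len = read_le32(rec);
    if (len < 0) return false;             /* the missing check */
    size_t n = (size_t)len;
    if (n > PAYLOAD_MAX || n > rec_len - 4) return false;
    memcpy(out, rec + 4, n);
    *copy_len = n;
    return true;
}

/* Constructed samples: a length field of 0xFFFFFFFF (-1 as int32) followed
 * by four payload bytes, and a well-formed record with length 4. */
static const uint8_t NEGATIVE_LEN_RECORD[] = {0xFF, 0xFF, 0xFF, 0xFF, 'A', 'B', 'C', 'D'};
static const uint8_t GOOD_RECORD[]         = {0x04, 0x00, 0x00, 0x00, 'A', 'B', 'C', 'D'};

int main(void) {
    size_t n = 0;
    uint8_t out[PAYLOAD_MAX];
    if (unsafe_accept(NEGATIVE_LEN_RECORD, sizeof NEGATIVE_LEN_RECORD, &n))
        printf("unsafe check accepted a copy of %zu bytes (SIZE_MAX)\n", n);
    if (!safe_accept(NEGATIVE_LEN_RECORD, sizeof NEGATIVE_LEN_RECORD, out, &n))
        printf("safe check rejected the negative length\n");
    if (safe_accept(GOOD_RECORD, sizeof GOOD_RECORD, out, &n))
        printf("safe check copied %zu bytes\n", n);
    return 0;
}
```

The hardened version also bounds the length by the bytes remaining in the record, which closes the companion over-read bug a scanner would flag under "buffer iterations".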

Application security will continue to be a focus within IT organizations and will intensify with each new report of widespread attacks. And as more and more enterprises develop and deploy services, the unique security challenges of SOAs will need to be addressed. By implementing the best practices described in this session, namely coupling security with development and incorporating organizational security standards and policies throughout the software development lifecycle, enterprises will be well on their way to meeting these challenges.

SPEAKER BIOGRAPHY: BRENT CARLSON, vice president of technology and co-founder, LogicLibrary, Inc., drives the development and delivery of LogicLibrary's products. Named to InfoWorld's prestigious ranking of the Top 25 CTOs of 2005, Carlson is a 17-year veteran of IBM, where he served as lead architect for the WebSphere Business Components project and held numerous leadership roles on the IBM SanFrancisco Project. He is the co-author of two books: SanFrancisco Design Patterns: Blueprints for Business Software; and Framework Process Patterns: Lessons Learned Developing Application Frameworks. Carlson is a frequent presenter at industry conferences, including Web Services EDGE East 2005, Software Architecture Summit 2005, Enterprise Architect Summit 2004, Java Pro Live! 2004, Microsoft Tech-Ed 2004, Microsoft PDC 2003, IBM Rational Software Development User Conference 2004, regional user groups and Microsoft Architect Council meetings. Carlson holds 16 software patents, with eight more currently under evaluation.
Steps to Reproduce:
None
Workarounds
None
Attachment
None
Comments
None
