Track 6: the next-generation web, The next-generation web – Google 2007 JavaOne Advance Conference Guide User Manual

Page 41

Advertising

java.sun.com/javaone |

technical sessions | track six : the next-generation web |

The Next-Generation Web

TS-6014 You Are Hacked: Ajax Security Essentials for Enterprise

Java Technology developers

James Gould, VeriSign Inc.
Karthik Shayamsunder, VeriSign Inc.
David Smith, VeriSign Inc.

Ajax has become a popular technology for building web applications, but
it is still beset by security issues. By itself, it does not substantially change
the fundamentals of web application security, but it makes traditional
threats and attacks much, much worse, by increasing the attack surface.

As an enterprise Java technology developer or security professional, you
need to be aware of a few issues to watch out for when architecting,
building, and testing Ajax-based web applications. Thus, this session, by
the VeriSign Information and Security Services teams, discusses topics
such as browsers’ JavaScript programming language security models and
common exploits found in Ajax applications, such as cross-site scripting,
cross-site request forgery, malicious data, and code injection.

After attending the session, attendees will have a better understanding
of how a typical hacker thinks and will be able to identify the common
potential threats and eliminate vulnerabilities, using the mechanisms
described in the presentation.

TS-6029 Beyond Blogging: Feeds in Action

Dave Johnson, Sun Microsystems, Inc.

Like XML-RPC and SOAP before them, RSS and Atom were born in the
blogopshere and quickly moved beyond blogging. Nowadays web service
providers are using RSS and Atom feeds and REST-based protocols as
lightweight alternatives to SOAP and developers are finding new ways to
combine web services from different sites into new applications, known as
“mashups” in the lingo of Web 2.0.

In this session, you learn the history, details, and pros and cons of the
various RSS formats and the new IETF standard Atom feed format. You
find out how to use the open source ROME feed utilities to fetch, parse,
and produce all forms of RSS and Atom. The presentation covers the
inner workings of the Atom Publishing Protocol, a new lightweight REST
protocol for web publishing that serves as the basis for new APIs from
Google and other web API providers. And you learn how use the ROME
Propono library to build Atom protocol servers and client applications.

THE NExT-GENErATIoN WEB

The web has entered the next stage of its
development—Web 2.0—a second generation
of online services built on wide-scale sharing
and participation. Solutions work together to
let developers easily enrich web applications
and achieve desktop-like interactivity. Java
technology continues to play a dominant role in
the web’s development as enterprises continue
to derive value from their IT investment in Java
technology. The openness of the Java platform
and the Java Community Process have created
an environment that has produced a wealth of
technology aimed at bringing Web 2.0 practices to
developers worldwide. This track showcases the
best examples of technologies that

• Leverage the network effect to create

unique value:

- Participatory web sites, tagging, annotation, sharing
- Blogs and wikis as a means of mass communications

• Use Ajax to do the following:

- Take advantage of the newest features in common

browsers to deliver desktop-quality user experiences
from web applications

- Increase resource utilization through effective use of

Ajax for web user interfaces

• Open the Java Virtual Machine to new languages

and frameworks that make up Web 2.0:

- Ruby on Rails
- Python
- JavaScript programming language

TS-5743 Graphical, Scripted, and Animated User Interfaces on Java ME