• HOME
• COMPANY
  • About Aspect
  • Customers
  • Management
  • Careers
  • Contact Us
• SERVICES
  • About Aspect’s Services
  • Assurance Services
    for your application security verifications
  • Acceleration Services
    for your application security initiatives
  • Education and Training
• NEWS
  • Events
  • Press Releases
  • News
• RESOURCES
  • OWASP
  • White Papers
  • Case Studies

FOR IMMEDIATE RELEASE

CONTACT:

Bill Husted Aspect Security, Inc. 301-604-4882 (o) 301-775-5545 (m) bill.husted@aspectsecurity.com

Jeff Williams, CEO of Aspect Security Invited to Speak on J2EE Security at JavaOne
How to Attack Java™ 2 Platform, Enterprise Edition (J2EE) Applications

JavaOne Conference, San Francisco, CA - June 8, 2004

Jeff Williams, founder and CEO of Aspect Security as well as Chairman of the Open Web Application Security Project (OWASP) Foundation gave a presentation detailing common methods of attacking J2EE applications. The attacks covered many of the OWASP Top Ten vulnerabilities as applied to common J2EE architectures.

Jeff gave a session on "How to Attack Java™ 2 Platform, Enterprise Edition (J2EE) Applications" that focused on finding and eliminating security flaws in J2EE applications. “Java has powerful security mechanisms, but there are still many traps for unaware developers.” said Williams. “Vulnerabilities like access control problems, authentication weaknesses, SQL injection, cross-site scripting, and poor input validation still plague many, if not most, J2EE applications.”

Ron Stephenson, a J2EE developer attending the session, said "I was way surprised by the number of ways to attack J2EE applications. I'm definitely going to go review my critical applications for these vulnerabilities. I wish there was more protection built into the platform for these kinds of attacks."

About Aspect Security, Inc.

Aspect Security, the application security specialists, delivers third-party security analysis, code review, and testing to verify the strengths and weaknesses of web applications, web services, and other software. Aspect also appraises an organization’s capability to develop, operate, and maintain applications securely. Aspect has verified hundreds of millions of lines of code for mission critical applications and has trained thousands of developers and managers to build and test secure applications. Aspect served as the authors of the OWASP Top Ten Web Application Vulnerabilities. Aspect’s core team has been providing application security services for over eight years, since before application security was a mainstream issue. Aspect is privately held and headquartered in Columbia, Maryland. To contact Aspect Security, call 301-604-4882, visit us on the Web at http://www.aspectsecurity.com, or write to info@aspectsecurity.com.