Apache Tomcat is a very popular web server and servlet container, with over 70% penetration in enterprise data centers today. Tomcat is featureful, agile, and well supported, and thus many webapps are developed for it today. While Tomcat has a great track record of secure defaults and few security vulnerabilities, your webapp is a different codebase. How securely is your webapp written? How can the security of your webapp be improved? And how secure is the combination of your webapp with your customized Tomcat configuration settings? This presentation will discuss these issues and offer solutions that you can use in your own web applications and Tomcat installations.
HTTP Request Model Vulnerabilities
- Request Parameters
Jason is a co-author of Tomcat: The Definitive Guide, now in its
second edition, and has written some web articles for O’Reilly’s
OnJava.com web site.
Jason is an Architect at MuleSoft Inc. on the Tcat Server product,
an enterprise Tomcat product that offers a centralized Tomcat administration,
diagnostics, and monitoring console for existing Tomcat installations.
Before joining the team at MuleSoft, Jason was Senior Architect at
Spigit, Inc. where he led a team of software engineers writing an idea
management and prediction markets social networking web application
for the enterprise. Before joining Spigit, Jason was a Senior
Principal Software Engineer for Orbital Sciences Corporation, working
at NASA’s Ames Research Center on the Kepler Space Telescope mission
(http://kepler.nasa.gov), where his software has helped discover five
confirmed extrasolar planets, so far.
Jason’s specialties include the Apache Tomcat servlet container, Java
software development, building social networking web applications,
Tomcat web application development and deployment, scalability and
fault tolerance, and Linux system administration. He has contributed
to several Apache Java projects, and has been an active open source
software developer for many years.