Tuesday, August 30, 2011

AppSec USA 2011 Conference - My talk on Messaging Security

I will be speaking at AppSec USA 2011 Conference next month in Minneapolis. The title of my session is:

Messaging Security using GlassFish 3.1 and Open Message Queue

GlassFish application server version 3.1 and Open Message Queue container offer excellent messaging security features. My talk will include discussion on how to enable and configure security for various components in the messaging architecture. This includes Authentication and Authorization for controlling access to the message broker components as well as how to implement message level security using encryption techniques.

I will also discuss the monitoring aspect and how we can use JMX API to monitor and manage various messaging resources such as the Broker, Services, Connections, Destinations, Producers, Consumers and Messages. I will demonstrate all the security features using a sample Java EE application running on GlassFish 3.1 and Open MQ.

They also have a Charity 5K/10K Run being organized as part of the conference events which I will most probably participate.

If you are interested in attending, here is the link to register for the conference:

Sunday, August 28, 2011

NoSQL Now 2011 Conference in San Jose Last Week

I attended the NoSQL Now 2011 Conference in San Jose last week. It was a great experience to meet others who are currently working on or exploring the option of using a NoSQL database in their organizations.

Conference site (San Jose Convention Center) was a great location. The conference session snapshot on computer monitors to show what all sessions are scheduled at a specific time was very helpful. I could look at all the session summaries at the same time and decide which one to attend. The conference mobile app (Guidebook) was also very helpful in checking the conference session schedule, details and slide deck from anywhere at the conference. Attendees getting access to the presentations before hand is a great idea.

I gave a talk on NoSQL Security topic and it was a good discussion and well received by the attendees. NoSQL databases like MongoDB, Cassandra, and Neo4J (which are the NoSQL databases I covered in my session) have decent application security support (authentication, authorization, encryption) but there is still room for improvement in this area. For example, record/entry level data encryption, role based access control (RBAC) can be better than what's there right now.

Overall, NoSQL Now was a great learning event and an excellent forum to meet and network others who are working in the same space. Thanks to Tony, Nerrisa and his team from Wilshire Conferences group and Dan McCreary for organizing the conference. Can't wait for the next year's conference.

Tuesday, August 16, 2011

NoSQL Now 2011 Conference - My Session: Security Considerations in NoSQL Data Access

I will be speaking at NoSQL Now 2011 Conference next week. My title of my session is:

Security Considerations in NoSQL Data Access

The NoSQL DB's have been getting lot of attention lately and there hasn't been much discussion on the security of the applications accessing these non relational databases.

The main focus of my talk will be to give an overview of the current state of security support by the leading NoSQL DB vendors like MongoDB, Neo4J, Cassandra, and CouchDB. I will also discuss the emerging trends, tools and techniques, and best practices in the NoSQL Data Security space.

It's great to see an entire conference focusing on one of the emerging trends in software application development area such as the NoSQL Databases.

If you are interested in attending the conference, you can register for it at the following link: