Thursday, February 28, 2008
Exposing ECM Security Vulnerabilities
Yesterday, I discussed the notion of Community Formation around the topic of security and started to noodle one dilemma that is so pervasive. Many folks outside of the security community tend to think about how things work while struggling to understand how to break things. My previous blog entries have attempted to shift the mindset of others towards this notion but have been met with little success.
So, instead of attempting to convince others through blog narrative, I figured I would show folks how to break ECM security for real as the next topic for our local OWASP chapter. I suspect that if participants from dozens of large enterprises see their software busted in front of them, this will have a much more powerful effect in getting software vendors to step up and embrace many of the considerations around security that I talk about, including incorporation of XACML, secure coding practices, and binding at runtime to Active Directory while eliminating synchronization.
Hopefully, folks in the blogosphere, even if they aren't on the same side of town as I am, will be willing to make the trek...