Thursday, February 28, 2008
Exposing ECM Security Vulnerabilities
So, instead of attempting to convince others through blog narrative, I figured I would show folks how to break ECM security for real as the next topic for our local OWASP chapter. I suspect that if participants from dozens of large enterprises see their software busted in front of them, this will have a much more powerful effect in getting software vendors to step up and embrace many of the considerations around security that I talk about, including incorporation of XACML, secure coding practices, and binding at runtime to Active Directory while eliminating synchronization.
Hopefully, folks in the blogosphere, even if they aren't on the same side of town as I, will be willing to make the trek...