(ARTICLE) Java EE and .NET Security Interoperability


This chapter covers the features of Java and .NET security that make 
interoperability easier. It also discusses different technologies (such as 
authentication in the Presentation tier) and the open standards (such as 
Web services security) where Java and .NET applications can interact. 
Finally, two interoperability strategies are discussed.

Security by Default
Security exploits and vulnerabilities are often causes of huge financial loss
and disruption of business services. The Computer Security Institute (refer
to [CSI] for details) has reported a worldwide financial loss of circa
US$130 million that resulted from viruses, unauthorized access, and theft of
proprietary information in 2005, a US$7.3 million loss (compared to a US$65
million loss in 2003) due to denial-of-service attacks, and an average
US$355,552 (2005) loss per incident for proprietary information theft in
2003. A business application that was considered "secure" running on a
Unix or Windows platform (for example, protected by a firewall and an
anti-virus application) is not necessarily vulnerability-free when
exchanging sensitive business data with another business application
running on a different platform. This is because the interoperable solution
is exposed to security vulnerabilities if one of the applications (either the
sender or the recipient) is exploited or is being attacked by hackers.

There are historic incidents of vulnerabilities in the Windows platform
(such as an authentication flaw [WindowsAuthFlaw]) or the Java platform (such
as a flaw in the JVM in [JavaVMFlaw]). These incidents are critical and can
become the "Achilles' heel" (a critical problem that causes financial loss or
disruption to the business service) for mission-critical Java EE .NET
interoperable solutions. Although an individual vulnerability incident may
not be a direct root cause of security exploits of a Java EE .NET
interoperable solution, any vulnerability exposed on the Solaris OE,
Unix, Linux, or Windows platform becomes a "weakest link" in the security
of the interoperable solution.

Web Services Interoperability (WS-I) identifies the following security 
threats that can impact Java EE .NET interoperability:


Courtesy: www.informIT.com
