Open source technologies have gained massive adoption in the software industry, and today there is no hesitation in adopting them to quickly implement a custom enterprise solution.

However, extreme caution should be exercised when integrating these open source technologies, as they are highly vulnerable to cyber threats. Ensuring application security during the design and development phases is one of the key value adds for an enterprise IT team when they work with us.

The security framework we design will include the following elements:

OACC for Access Control (Authentication and Authorization)

OACC is an application security framework for Java designed for fine-grained (object-level) access control. OACC uses the abstraction of a resource for the application objects being secured. This key abstraction enables OACC to provide a rich API that includes grant, revoke and query capabilities for storing and managing the application's security relationships.

Spring Security

Spring Security provides security services for Java EE-based enterprise software applications. Services include authentication, authorization and protection against attacks such as session fixation, clickjacking and cross-site request forgery.

Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that offers developers an intuitive yet comprehensive solution for authentication, authorization, cryptography, and session management. In practical terms, it manages all facets of your application's security while staying out of the way as much as possible.

Keyczar for Encryption

Keyczar is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys.

Bouncy Castle

Bouncy Castle is a lightweight Java cryptography API provider.

Jasypt

Jasypt is a Java library that allows developers to add basic encryption capabilities to their projects with minimum effort, and without needing deep knowledge of how cryptography works.

Apache Santuario for XML Security

The Apache Santuario project aims to provide implementations of the primary security standards for XML: XML Signature Syntax and Processing and XML Encryption Syntax and Processing.

Vlad for Validation

Vlad stands for "validation". The project aims to offer a simple, high-level, extensible, generic validation framework that can easily be integrated into existing applications.

HDIV for Enterprise Security

HDIV is a Java web application security framework that controls the information flow between the server and the client, preventing many of the most important web risks. HDIV extends web application behavior by adding security functionality while maintaining the API and the framework specification. This means HDIV can be used in applications developed with Spring MVC, Grails, JSTL, Struts 1.x, Struts 2.x and JSF in a way that is transparent to the programmer, without adding any complexity to application development.