Workshop - Client- vs. server-side RIA security

Workshop Tutors

• Anders Rundqvist
• Aslam Khan
• Ayende Rahien
• Brian Rasmussen
• Diana Larsen
• Eric Evans
• Jonas Jacobi & Ric Smith
• Joonas Lehtinen
• Ken Gilmer
• Micael Herkommer & Magnus Juvas
• Ted Neward

Joonas Lehtinen, IT Mill, Finland

Joonas Lehtinen, PhD, is the founder and CEO of IT Mill, company that has focused on server-side web application frameworks since year 2000. The company is best known for IT Mill Toolkit, Java-based framework for building business-oriented Rich Internet Applications (RIA) available for free under Apache 2.0 license. Joonas has been developing applications for the web since year 1995 with strong focus on building Rich Internet Application user interfaces built on Ajax and Java.

Client- vs. server-side RIA security

Hands-on workshop with Google Web Toolkit and IT Mill Toolkit

Rich Internet Applications (RIA) provide desktop-like usability with web deployment model. The benefits of this combination are obvious and RIA is now common a choice for the presentation layer in many applications. Unfortunately, moving logic from the server to an untrusted client may open up security holes that would not be present in the page-oriented "Web 1.0" architecture.

In this workshop we will take a look at client- and server-side RIA architectures from the security angle, identify some of the most common security problems and discuss strategies for avoiding them. We'll study some example applications implemented in both architectures hands-on. Security problems are first studied from the perspective of an attacker and then fixed. Java-based RIA frameworks, Google Web Toolkit and IT Mill Toolkit, are used in examples, and thus some basic knowledge of Java is needed.

Gold Partner