Is it good to depend on a third-party security component?

 
Ranch Hand
Hi Jim/August,

Security is a big topic and involves a lot of effort in building the security component for an enterprise-based application. It's rather easy to develop the business logic, but to have it secured involves a lot of effort.

Is it advisable to use any third-party security component for an enterprise-based application, or is it always better to implement our own security, if the application has to support applet, web and also devices like mobile, tablet etc.?

Thanks,
Kumar.
 
Marshal
This is the classic "Build vs Buy" question, right? When it comes to security, there are certain things you don't want to do yourself but rather rely on reputable and trusted third parties. The prime example is crypto libraries. You don't want to roll your own when it comes to this. I wouldn't want to roll my own application security framework either. Frameworks like Spring Security are things that you leverage and build on top of.

I think the key is to understand whatever technologies you are using and include them in your security risk assessment and profile. You need to be constantly vigilant and diligent in keeping up with newly discovered vulnerabilities in these technologies and staying current with patches and updates. If anything, security is really an ongoing practice and discipline.
 
Author
Junilu Lacar wrote: This is the classic "Build vs Buy" question, right? When it comes to security, there are certain things you don't want to do yourself but rather rely on reputable and trusted third parties. The prime example is crypto libraries. You don't want to roll your own when it comes to this. I wouldn't want to roll my own application security framework either. Frameworks like Spring Security are things that you leverage and build on top of.

I think the key is to understand whatever technologies you are using and include them in your security risk assessment and profile. You need to be constantly vigilant and diligent in keeping up with newly discovered vulnerabilities in these technologies and staying current with patches and updates. If anything, security is really an ongoing practice and discipline.



I use a lot of open source components for security. Especially in Java. For crypto, Google KeyCzar. For encoding, the OWASP Java Encoder Project. BUT I verify all of them. I suggest you at least check to see if the project is active and if any security issues were found in the past. Also sign up for that project's security email list or dev list to understand what issues arise. Sure, use third-party components, but do your due diligence to ensure quality and security and be ready to update quickly. This is not always easy.
 