[Event Report] WEB Security Measures Seminar for Out-of-Support Java Framework

This article is an event report on the "Web Security Measures Seminar for Out-of-Support Java Frameworks" (2018/6/27), at which our company Styles, EG Secure Solutions, and SCSK took the stage. We invited Professor Hiroshi Tokumaru, the author of the so-called "Tokumarumoto" ("How to make a secure Web application to learn systematically"), whose second edition was published the other day, to give the keynote speech.

For companies that utilize business systems and the Internet, that is, for most companies, the problem of end-of-support software is inevitable.

In this seminar, on the ideals and reality of security measures for Web systems, speakers from the following three companies gave lectures, with examples, on the standard patterns that must be considered for security and on practical solutions and countermeasures:

--**EG Secure Solutions**, which has provided security consulting for many companies

--**SCSK**, which is responsible for long-term maintenance of customer applications

--**Styles**, which develops and provides migration tools for Java frameworks and OSS that are no longer supported

▼ The venue on the day

The following is an outline of this seminar.

What does "out of support" mean in the first place?

--When support is cut off (end of support), it means that even if a security vulnerability arises, no patch is provided to address it.

--Software comes with a support life cycle policy, which is a "promise" to the purchaser.

Think about the system life cycle

By the textbook on information security, at the time the development and construction of a system is planned:

--In anticipation of the end of software support, it is necessary to think about what kind of measures to take.

What are the vulnerabilities that you should pay particular attention to?

--There was a lot of turmoil when the end of support for Windows XP was reported, but since Windows XP is basically inside a firewall, it is difficult for malicious attackers to take active actions against it.

--A Java framework on the Internet sits outside the firewall and is reachable via the Internet, so malicious attackers are more likely to take active actions against it.

By the textbook, the realistic solutions required for such vulnerabilities were:

--Migrate to successor software

--Close the site

Using out-of-support Java frameworks is especially difficult

For software that is no longer supported, security patches are no longer updated either, so **there is no option to continue using it.**

In practice, however, for end-of-support software, especially frameworks adopted in development such as Java frameworks:

--Because of cost, effectiveness, consideration of other countermeasures, and so on, in many cases it is not possible to respond quickly.

But **continuing to use an end-of-support Java framework incurs considerable operating costs.**

This is because:

--You have to keep an eye on vulnerability information

--Critical responses are required

--Therefore, operating costs are high

Finally

Lastly, my impressions as the seminar organizer.

In this seminar, there was a segment in which the speakers were asked, in the form of a discussion (interview), about the "questions" received in advance from the seminar applicants. This was the first seminar hosted by Styles.


As the interviewer, I reflect that it was not a good interview, but at the end we received many additional questions at the venue. Among the business seminars I have planned so far, it was a seminar that was able to stimulate communication between speakers and visitors! Thank you to everyone who came to the event for your kind support.

For additional questions and Styles seminar materials, please contact us. We look forward to your inquiries and requests via the Styles corporate site inquiry form!
