“坚固软件宣言”要想成功,就需要得到软件开发社区的支持,仅有应用安全社区的支持是不够的。
For the Rugged Manifesto to succeed, it would need support from the software development community and not just from the application security community.
基础设施的开发是通过为应用程序创建数据库表和安全部署计划而进行的。
The infrastructure was developed by creating the database tables and the security deployment plan for your application.
对于许多开发机构来说,将风险管理应用到安全编程中是一个相对较新的想法。
For many development organizations, risk management as a discipline applied to secure programming is a relatively new idea.
在本文中,我们讨论了总体体系结构设计原则,以及使用IBM中间件开发安全且可配置的多租户应用程序的相关技术。
In this article, we looked at the overall architectural design principles and related techniques of developing a secure and configurable multi-tenant application by using IBM middleware.
惠普计划力推自行开发的应用,李艾科将业务分析和安全这两个领域列为该公司关注的重心。
HP plans on pushing its own applications, and Apotheker singled out business analytics and security as two areas on which the company will focus.
这比您先开始开发应用,然后来考虑安全问题容易得多。
It is much easier to implement security as you start an application then to try to add it in later on.
为了开发安全的Web应用你必须不断更新的所有层次和了解你的敌人。
In order to develop secure web applications you have to keep up to date on all layers and know your enemies.
与SQL注入攻击类似,如果使用最佳实践开发安全的应用程序,通常可以轻松地处理该威胁。
Like the SQL injection attack, you can often easily deal with the threat if you follow best practices to develop secure applications.
SSRM帮助处理SOA的安全需求,因为安全性适用于整个 SSRM——跨越基础设施、应用程序、业务服务和开发服务。
An SSRM helps address the security requirements of SOA, as security is applicable to the entire SSRM—across infrastructure, application, business services, and development services.
这也就是说,处于各技术级的开发人员都必须为整个应用程序的安全性负起自己应付的责任。
That said, developers at every level of the technology stack must take personal responsibility for the security of the entire application.
在本文中,我们主要集中讨论MIDP应用程序的安全性挑战以及当前可用的或处于开发中的解决方案。
In this article, we'll mainly focus on the security challenges and solutions currently available or in development for MIDP applications.
通常,他们不知道这一点,主要是因为他们在开发他们的应用程序时从未真正考虑到安全性。
Often, they don't know it, mainly because they never really give a thought to security when developing their applications.
应用程序开发者应该把他们要实现所需的安全性功能而需要编写的所有代码都保留在某个单独的模块中,将来这个模块会被买来的基础架构代替。
Application developers should keep whatever code they need to write to implement the required security functionality in some separate module that will be replaced by bought infrastructure over time.
当然不是所有的应用程序都会访问关键数据,但这些程序的开发人员确实能够通过加入访问控制来增强其应用程序的安全。
Certainly not all applications access critical data, but developers of those that do can enhance the security of their applications by building in access control.
我们还将开发一些EJB应用程序来演示各种安全性配置。
We also develop a few EJB applications to demonstrate the various security configurations.
并非所有开发人员都是安全专家,但所有开发人员都应该了解足够多的知识,执行某些基本的网络和流量分析,并在其应用程序内构建基本的安全性。
While not every developer can be a security expert, all developers should know enough to perform some basic network and traffic analysis and to build rudimentary security into their applications.
但是,我认为更好的做法是,了解如何在任何情况下都能开发安全的应用程序,并随后注意何时应用特定的指导原则。
Instead, I think it's better to learn how to develop secure applications in any situation, and then note when specific guidelines apply.
取决于应用程序复杂性,或许可以开发一个使用元数据描述授权规则的自定义框架,以自动将安全更改应用到SQL。
Depending on the application complexity, it may be feasible to develop a custom framework that USES metadata to describe authorization rules and applies security changes to the SQL automatically.
GSSAPI的主要的优点是:一个使用GSSAPI开发的安全应用程序无需修改就可以在不同的安全机制上工作。
The main benefit of GSSAPI is that a secure application developed using GSSAPI can work over different security mechanisms without modification.
在结束部分,我们将总结使用J2ME技术开发用于最小型无线设备的高级安全应用程序的可行性。
In closing, we'll summarize the feasibility of developing advanced secure applications for the smallest wireless devices using J2ME technologies.
J2EE 1.2使用安全性角色,凭借这个应用程序开发人员就能指定哪些角色有访问特定方法的权限,并且部署人员将这些角色映射到特定的用户或用户组上。
J2EE 1.2 USES security roles, whereby the application developer specifies which roles have the authority to access specific methods, and the deployer maps these roles to specific users or user groups.
当关键数据被其他软件控制的时候,开发人员可以添加额外的应用程序层和数据级安全。
Developers can add an extra layer of application and data-level security when critical data is controlled by their software.
使用这项技术,可以在不用考虑安全问题的情况下开发JSF应用程序。
This technique lets you can develop your JSF applications without considering security issues.
应用程序开发中GC的益处——包括指针安全、避免内存泄露以及使开发人员免于编写定制的内存管理工具——已经被很好地证明。
The benefits of GC to application development — including pointer safety, leak avoidance, and freeing developers from needing to write custom memory-management tooling — are well documented.
随着移动商业从时髦的口号逐渐变成现实,对于移动用户和无线应用程序开发人员这类人而言,事务安全性正在成为一个重要方面。
As mobile commerce becomes less of a buzzword and more of a reality, transaction security is becoming an important concern for mobile users and wireless application developers alike.
现在我们将注意力转移到应用程序开发人员和设计人员要构建安全的应用程序必须采取的操作上。
Now we turn our attention to the actions that application developers and designers must take to build a secure application.
因此,用GSS - API开发的安全应用程序可以在不同的安全机制上运行,不用改变应用程序。
Thus, a secure application developed using GSS-API can work over different security mechanisms without changes to the application.
批处理应用程序开发人员可以编写线程安全的、且在单个线程中执行的代码。
Batch application developers write code that is thread-safe and executes on a single thread.
可以开发Web服务安全策略应用程序来让系统管理员为具有不同角色和职责的用户自定义设置。
You can develop a Web services security policies application to allow the system administrators custom the settings for users with different roles and responsibilities.
可以开发Web服务安全策略应用程序来让系统管理员为具有不同角色和职责的用户自定义设置。
You can develop a Web services security policies application to allow the system administrators custom the settings for users with different roles and responsibilities.
应用推荐