Are you thinking like a hacker? The countless hours you spend planning, crafting, and perfecting your world-class applications
are all for nought if you aren't keeping an eye on potential vulnerabilities that can leave you open to security breaches.
This week, IBM security expert Paul Ionescu wants to help you understand the hacker mindset and secure
your web and cloud applications. This resource page features an insightful overview video that guides you through common
application weaknesses, typical web attacks, and security measures you can implement to keep the bad guys at bay. You'll
also find helpful links that enable you to take your security explorations beyond the fundamentals -- including the new developerWorks
Security site, which is jam-packed with technical articles, best practices, community resources, products, and more to
help you protect your apps.
We think you'll find it worth your time... because, say what you will about hackers, they aren't lazy.
Until next week,
John Swanson and the developerWorks editorial team
Our other top features on developerWorks
| Developer events in your area|
IBM Smarter Business: InterConnect 2012 (9-11 Oct. in Singapore)|
This first-of-a-kind IBM event will showcase the business successes of leading IBM clients who are effectively unleashing
innovation and taking advantage of the new era of computing that is upon us. This event will demonstrate the full range of
IBM's highly integrated software and systems solutions brought to life by real client best practices. (9 - 11 October 2012,
Get more details and register >
| IBM workshop in Barcelona: Introduction to Maximo Asset Manager |
This workshop features a mix of lectures and demonstrations that highlight how Maximo EAM V7.1 can support most of the challenges
of enterprise asset managers. In addition, participants can experience some of these capabilities through guided, hands-on
labs. And be sure to join the community
group for this event on developerWorks. (25 October 2012, Barcelona, Spain)
Get more details and register >
| IBM briefing in Ehningen: Develop and manage your mobile applications using IBM
Get hands-on experience with IBM Worklight and receive an open, comprehensive, and advanced mobile application platform for
smartphones and tablets. And be sure to join the community
group for this event on developerWorks.
(25 October 2012, Ehningen, Germany)
Get more details and register >
| IBM workshop in Ehningen: Get an insight into IBM Cognos TM1 (v10.1)|
This one-day workshop is designed to give participants an overview of IBM Cognos TM1 architecture, and hands-on exposure
to the components necessary to design and develop models. And be sure to join the community
group for this event on developerWorks. (31 October 2012, Ehningen, Germany)
Get more details and register >
| IBM workshop in Boston: Social business application development|
This workshop will focus on developing social business applications on IBM's social business platform using the common language
of the web developer. In this three-day event, web developers will learn social business application development from the
engineers at IBM Labs in Littleton, MA. (13 - 15 November 2012, Waltham, MA)
Get more details and register >
| Use Graphviz to generate automated system diagrams|
This article explains the basics of the Graphviz application and how you can write scripts that can automate the creation
of diagrams so that you always have up-to-date and correct diagrams of your systems.
Keep your diagrams current >
| Build social media datamarts using SPSS text mining tools|
Customers are online, conversing, performing comparisons, and influencing others. These behaviors embedded in raw social
media data represent consumer preference, purchase history, significant life events, mood, personality, and other attributes
that can be derived through text mining and stored in a social media datamart.
Start digging >
| Business process management|
| New IBM Business Process Management Journal |
The new BPM Journal features a video by Brian Petrini describing the BPM Compendium of Public Knowledge, as well as a great
selection of articles and columns on topics of interest to BPM practitioners: running large-scale simulations with WebSphere
ODM V8, using Web Experience Factory with IBM BPM to create custom UIs, and lots more.
Get started with your fall reading now >
| Test drive IBM SmartCloud IaaS today at no charge |
Customers who sign a contract between 12 September and 26 October can provision select virtual machines at the Toronto (Canada),
Ehningen (Germany), Tokyo (Japan), Singapore, Boulder (US), and Raleigh (US) data centers, subject to availability, at no
Take advantage of it while you can >
| Choose the best PaaS cloud for your needs|
Platform as a Service (PaaS) is generally considered one of the three main service-delivery models for cloud computing. However,
the term masks the wide diversity that's found in cloud platforms. The author examines some of the leading cloud platforms
and provides guidance as to the use cases that they may address.
Explore PaaS alternatives >
| Enable mapping and geospatial analytics on IBM SmartCloud Enterprise|
Cloud computing is becoming the next-generation IT platform for managing resources, reducing costs, and optimizing infrastructure.
The core characteristics associated with cloud have intrinsic relationships with geospatial technologies. This article introduces
GIS, geospatial analytics, and the Esri ArcGIS and Esri Maps application, and shows how it deploys on IBM SmartCloud Enterprise.
Get your bearings with Esri ArcGIS and Esri Maps >
| IBM PureSystems cloud-based trial and Virtual Pattern Kit for Developers|
Access the cloud-based trial (beta) of IBM PureSystems. With minimal management, you can
leverage patterns of expertise that automate many tasks and quickly
develop in a secure, collaborative, cloud-based environment.
IBM Virtual Pattern Kit for Developers lets you develop virtual patterns for application deployment into the cloud. The kit
includes patterns, a plugin development kit (PDK), and the Image Construction and Composition Tool.
See for yourself how IBM is revolutionizing IT >
| New IBM ecosystem partner images on the IBM Cloud|
Explore the new partner software images on the IBM Cloud. IBM Business Partner solutions extend the value of the IBM SmartCloud
by providing new capabilities. Learn more about these capabilities, which are now being offered on the IBM Cloud.
New ecosystem partner images on the IBM Cloud >
Increase availability with IBM Sterling B2B Integrator adapter containers|
Achieve higher availability with IBM Sterling B2B Integrator by using the adapter container for communications adapters.
This article describes how to split communications and back-end processing into separate processes with separate lifecycles.
By following this model, you can reduce downtime and isolate potential system failures.
Start using the new adapter container feature >
Cyber security for the nuclear energy industry|
An effective security program hinges on a solid collaboration process during product development and delivery efforts. When
deploying software-based systems, such as digital instrumentation and controls for the nuclear industry, it is vital to include
cyber security assessment as part of architecture and development processes.
Get secure >
| Develop, publish, and deploy your first big data application with InfoSphere BigInsights|
Use Eclipse-based tools for InfoSphere BigInsights to expedite application development, package your application for publication
in a web-based catalog, and deploy it so staff and others can easily launch it.
Go big >
| DB2 Text Search, Part 5: Scheduling updates for DB2 Text Search indices|
Automate text index updates using a regular scheduler in the required frequency, including creating, altering, and deleting
schedule tasks, and troubleshooting any problems that may occur.
Schedule it >
| Open source big data for the impatient, Part 1: Get started with Hadoop and your
Get a working definition of big data and some of the capabilities of Hadoop, the leading open-source technology in the big
Start learning Hadoop >
| IBM Data Management magazine: Check out this month's issue|
This month, IBM Data Management magazine takes a close look at data security and data governance. You'll also find articles
on capitalizing on data lifecycle management tools, provisioning test data, managing big data clusters, and reinventing your
See what's new >
| developerWorks interview: George Baklarz on DB2 linking big data and analytics|
IBM Program Director for Worldwide DB2 Sales George Baklarz joins our own Scott Laningham to discuss the technology highlights
of DB2 10, including how DB2 handles big data for analytics, how DB2 uses compression, how hierarchical storage management
features enable you to optimize your data access, and much more.
Watch the interview >
| Download: IBM Data Studio|
IBM Data Studio provides database developers and DBAs with an integrated, modular environment for productive administration
of DB2 for Linux, UNIX, and Windows. It also includes collaborative database development tools for DB2, Informix, Oracle,
and Sybase. This is a fully licensed product that's available at no charge and with no time restrictions.
Download Data Studio now >
| New DB2 Tech Talk: What's hot from the Information On Demand conference (24 Oct)|
Get hot news from Information On Demand 2012 about DB2 for Linux, UNIX, and Windows and other IBM data management products.
In this Tech Talk, host and presenter Serge Rielau will talk with guest speakers who will discuss key topic areas you won't
want to miss. (24 October 2012, 12:30pm EDT)
Register now >
| Looking for deep technical training? Don't miss Information On Demand 2012! (21-25
Information On Demand 2012 has the best technical training -- anywhere! Get the deep dive you're looking for across a wide
array of IBM technologies, see products in action, and influence the future of the industry by providing input directly to
IBM experts. Get the highlights on the technical program and build your agenda at the SmartSite. (21 - 25 October 2012, Las
Vegas, NV, USA)
Register today >
| Big Data Developer Days|
Attend this on-site event to experience IBM's enterprise-class big data platform, which allows you to address the full spectrum
of big data business challenges. Participate in interactive discussions, watch live demonstrations of big data for social
media and log analytics, and get hands-on experience with Hadoop scripting with guidance from development experts. (Multiple
dates and locations)
Space is limited so register today!
| HTML5 2D game development: Graphics and animation|
The second installment of our series on HTML5 2D game development covers Canvas graphics and HTML5 animation. Find out how
to draw the sample game's graphics and set them in motion. Series author David Geary shows you the best way to animate with
HTML5, how to scroll the game's background, and how to implement parallax to simulate three dimensions.
Ready, set, animate >
| Knowledge path: Linux for Windows systems administrators|
Every day, someone makes the move from Windows to Linux, by choice or necessity. This knowledge path will help you make the
transition more easily. Registered members can track their progress.
Make the transition with ease >
| White paper: Develop OpenSocial gadgets for IBM Connections V4.0|
explains how to develop gadgets for IBM Connections V4.0, primarily focusing on using the developer bootstrap page for quickly
Read the white paper >
New IBM Mobile announcements|
Join us on 10 October at 12:00pm EDT for a live broadcast, "Speeding Innovation and Extending Reach with IBM Mobile."
We'll share customer and partner success stories, and you'll be the first to hear about our upcoming mobile news and product
Reserve your spot now >
| Mobile app development training available|
Create compelling apps by following IBM's new training roadmap for the Worklight mobile platform. You'll find foundational
Get started now >
| IBM solution brief: Develop enterprise mobile applications with Rational software|
In transformational business approaches, enterprise mobile applications are a great leap forward. Businesses are now strategically
employing enterprise mobile apps to support business objectives. The possibilities are limited only by imagination -- and
Find out more >
| Tradeoffs and payoffs in moving to DevOps development|
Dan Zentgraf of Ascendant Technology, an IBM Business Partner, describes how the DevOps approach to software development
differs from traditional methods, including how what you deploy and deliver differs. He then outlines the organizational
and cultural transformations required to take advantage of the DevOps approach, and the results you can expect.
Find out what to expect if you switch to DevOps >
| Faster Rational Quality Manager test scripts, automatically|
Rational Quality Manager can use Rational Functional Tester to record a user’s gestures and automatically convert them
into English natural language. Exploratory testing, documentation, and agile test teams that run manual tests can all benefit
by using this combination to write manual test scripts faster and easier.
Write scripts much easier and faster, starting now >
| Guide to Collaborative Lifecycle
This guide for deployment of Version 2.0 of the Rational Reporting for Development Intelligence (RRDI) explains how to integrate
RRDI with the Collaborative Lifecycle Management (CLM) 4.0 data warehouse. You can then generate reports for Rational Team
Concert, Rational Quality Manager, and Rational Requirements Composer.
Configure Rational Reporting for CLM reports >
| Adapt enterprise architecture to cloud services: Using a hybrid SaaS|
Fabio Castiglioni uses a hybrid software as a service (SaaS) example to show how to use enterprise architecture (EA) to specify
requirements for a public cloud service. By using EA notations and Rational System Architect, IT architects can communicate
the value of cloud services to all types of stakeholders.
Increase your understanding of EA with cloud services >
| Get CLM benefits with Rational
System Architect by using OSLC|
Rational System Architect V11.4 is based on different technology and architecture than the 2012 versions of the Rational
applications that work with Collaborative Lifecycle Management (CLM). Wolfram Richter explains how to use Open Services for
Lifecycle Collaboration, or OSLC, to integrate them so that all applications work together seamlessly.
Combine Rational System Architect with Collaborative Lifecycle Management >
| Improve the value of CLM
reports by using metrics|
The applications that comprise Collaborative Lifecycle Management (CLM) provide more than 200 sample reports. Adding either
the Rational Reporting for Development Intelligence (RRDI) component or Rational Insight gives you more options and access
to the data warehouse metrics. This article offers an in-depth look at the metrics and how to use them.
Find out what metrics you'd like to use >
| Determine ROI for projects with Rational Focal Point's Investment Analysis component|
The Investment Analysis component in Rational Focal Point uses input-bounded estimates for costs and benefits to compute
a distribution for net present value (NPV) of a project over its lifetime. From the NPV, it calculates other key values,
including return on investment (ROI). See what formulas it uses and learn how it works.
Find out how the formulas calculate the key values >
| Collaborate easier by adding
Rational Team Concert to your existing system |
Rational Team Concert helps distributed teams manage tasks, defects, source code configuration, and builds collaboratively.
Because it implements Open Services for Lifecycle Collaboration (OSLC), it can integrate existing tools, such as other project
or activity management software. Learn how to use it with Visual Basic scripting language to integrate your existing system.
Add Rational Team Concert to your system >
Address security vulnerabilities in web and cloud applications|
Application vulnerabilities are often the primary entry point for security breaches. Explore common weaknesses in applications,
typical web attacks, and learn the key secure engineering measures to put in place.
How secure are your apps? >
| Work offline with HTML5 web storage|
Discover the power of HTML5 web storage, and see why it's a better storage method than cookies. Explore basic web storage
concepts, HTML5 web storage methods, and browser support.
Use web storage to add offline capabilities >
| Complement canvas with HTML markup, Part 1: Blend the canvas API and HTML/CSS
Compare and contrast the strengths of the traditional HTML model and the canvas API by exploring the idea
of a hybrid HTML/Canvas application that uses the best aspects of both worlds.
See how they stack up >
| Complement canvas with HTML markup, Part 2: Animation and text rendering|
Implement a sample application that involves a canvas implementation of text rendering and create a canvas-based game with
a rich HTML-based user interface that combines the strengths of both approaches.
Overcome obstacles with layering >
| Maintaining high availability when implementing WebSphere MQ clusters in a clustered WebSphere
Application Server environment|
Combining WebSphere Application Server clusters with WebSphere MQ clusters can help you scale both product infrastructures
in order to provide high availability and balance workloads across an enterprise, but they must be carefully configured to
avoid problems and gain the benefits.
| Comparing WebSphere Application Server and Oracle WebLogic Application Server:
Cost, performance, support|
This neutral, third-party study from Datamation describes key differences between WebSphere Application Server and Oracle
WebLogic. While both products perform well in demanding mission-critical environments, there are important differences in
both efficiency and total cost of ownership.
| Webcast: Customizing perspectives in CICS Explorer (9 Oct)|
This WebSphere Support Technical Exchange shows you how to customize CICS Explorer perspectives for various user roles and
(9 October 2012, 11:00am EDT)
Register now >
| Webcast: WebSphere Application Server Plug-in Configuration Tool (11 Oct)|
The Plug-in Configuration Tool (PCT) helps you configure the various WebSphere Application Server plug-ins, such as IBM HTTP
Server, Apache Web Server, and Sun Java System Web Server. This WebSphere Support Technical Exchange shows you how to use
the PCT from both the GUI and the command line. (11 October 2012, 11:00am EDT)
Register now >
| On-demand webcast: Evaluating the health of your IBM HTTP Server |
This WebSphere Support Technical Exchange shows you best practices for measuring the operation of the IBM HTTP Server and
the WebSphere Application Server plug-in.
Watch it now >
| IBM Redpaper: IBM CICS Performance Series - CICS, DB2, and thread safety |
This Redpaper highlights the factors that affect the performance of IBM CICS transactions that access DB2 resources through
the CICS DB2 attachment facility. This paper is one of a series focused on CICS performance written by members of the IBM
Hursley CICS development community, and based on feedback from CICS customers.
| IBM Redbook: WebSphere Application Server V8.5 concepts, planning, and design
This IBM Redbook describes the concepts, planning, and design of WebSphere Application Server V8.5 environments for IT architects
and consultants. Topics include product packaging and features, common implementation topologies, components, planning guidelines,
and migration on both distributed platforms and IBM z/OS.
To ensure proper delivery, please add email@example.com to your address
book. You received this email because you are subscribed to
IBM's developerWorks newsletter as: © International
Business Machines Corporation 2012. All rights reserved.
Attn: Developer Communications,
150 Kettletown Road
Southbury, CT USA 06488
Downloads & Trials