Apache Tomcat is the perfect application server for deploying your web applications in production. In fact, it also happens to be the only Java application server that has hardening guidelines published by Center for Internet Security (CIS). CIS publishes hardening guidelines for widely used software to help enterprises protect their deployments. The very fact that they have hardening guidelines for Tomcat is a testament to its widespread popularity and usage.

So, how do you know if your Tomcat installation is secure? Its actually very easy. I will provide step-by-step instructions on evaluating whether your Tomcat is secure. If you find that you need to make changes, you can use Tcat Server to harden your Tomcat instance.
(more…)

Mule ESB has had support for WS-Security via CXF for some time now, but the enterprise edition of Mule 2.2.4 goes a bit further still with the inclusion of the Mule SAML Module and a new WS-Security example. In this article, I will step through the WS-Security example so that you can see the different possibilities available for incorporating WS-Security into your Mule application. (more…)