WMCPA iCON2025

Anyone creating web or mobile applications, or APIs, can benefit from the techniques shown here:

Do I need a web server? Which one is best for me?
Securing your site
Apache and Nginx tips and tricks
HTTPS encryption (SSL/TLS), including using the free Let’s Encrypt
Create user-friendly and search-engine friendly URLs over any web application
What if you become popular? (performance and handling a large number requests)
Learning Objectives
Understand how to secure the Apache web server on IBM i
Learn to use Apache’s most useful features, including search engine optimization, logging, and virtual hosts
Audience
Administrators and developers seeking to prepare their systems for web applications, improve performance, and improve security.

• Ever wonder why your penetration tests never yield a failure on IBM i? It's because security generalists don't know how to test it properly. Steve has successfully breached many systems in less than five minutes and will show you how to stop him.
• Worse Practices in System Security: This session will explore the bad, ugly and ugliest of IBM i security misconfigurations so you can learn from others’ misfortunes.

In this new session, Scott will explore the many ways that “bad actors” can attempt to subvert the security on IBM i. Whether the topic is protecting against SQL Injection, closing doors to acquiring elevated privileges, or attempting to discover unprotected objects, this session will include techniques for evaluation and protection of your IBM i. Attend this session to take a big step towards discovering and eliminating attack vectors within Db2 for i!

IBM has provided so many security features with IBM i, it’s hard to keep track of them much less understand all of the new features. This session highlights Carol and Steve’s favorite IBM i Security features and details the security features in recent Technology Refreshes that you may have missed.