{"id":521,"date":"2007-02-17T13:16:47","date_gmt":"2007-02-17T12:16:47","guid":{"rendered":"http:\/\/www.craigmurphy.com\/blog\/?p=521"},"modified":"2007-02-17T13:23:49","modified_gmt":"2007-02-17T12:23:49","slug":"scottish-developers-web-security-conference-day-for-windows-developers-12042007","status":"publish","type":"post","link":"http:\/\/www.craigmurphy.com\/blog\/?p=521","title":{"rendered":"Scottish Developers – Web Security Conference Day for Windows Developers – 12\/04\/2007"},"content":{"rendered":"

Scottish Developers are pleased to announce a full-day security-oriented event<\/a> to be held in Edinburgh<\/strong> on the 12th of April 2007<\/strong><\/p>\n

You’ve taken the courses, you’ve scoured the Internet, you’ve attended many presentations, but alas, you still have many unanswered questions about website security.<\/p>\n

Scottish Developers have secured the support of two consultants from Charteris plc<\/a>, a respected IT and Managemant Consultancy and Microsoft Gold Partner. Barry Dorrans<\/a> and Chris Seary<\/a> are security specialists who regularly speak on subjects relating to the securing of web applications.<\/p>\n

Come along on the 12th April for a full day of presentations and demonstrations surrounding the real world implications of the most common .NET web techologies: learn about the best practices, issues, gotchas, etc. <\/p>\n

Bring along your questions and problems to gain assistance in finding solutions.<\/p>\n

AGENDA<\/strong>
\n08:45 Registration
\n09:00 Hacking websites for fun and profit
\n10:30 Break
\n11:00 Securing applications and communications in ASP.NET
\n12:30 Lunch
\n13:30 Code Access Security – in-depth explanation and design pattern for web applications
\n15:00 Break
\n15:15 Securing Web Services with WS-*
\n16:45 Break
\n17:00 Managing Identity using Windows Cardspace
\n18:30 Close <\/p>\n

– These are rough timings. Some session may end earlier or run later. We aim to shape the day around people’s need, not a time schedule!<\/p>\n

Hacking websites for fun and profit<\/strong>
\nPresented by Barry Dorrans<\/p>\n

How safe are your web sites?
\nDo you know what cross site scripting is?
\nSQL injection attacks?
\nSearch engine leaks?<\/p>\n

Learn how to check your sites for nasties by seeing how it’s done against badly written code and what you can do to secure your sites.<\/p>\n

Securing applications and communications in ASP.NET<\/strong>
\nPresented by Barry Dorrans<\/p>\n

This session aims to provide you with recipes to secure your asp.net application architecture, be they internet, extranet or intranet exposed. Covering authentication and authorisation strategies, identity management, securing communications, secrets, viewstate and more the session will discuss common best practices for secure architecture of ASP.NET applications.<\/p>\n

Code Access Security – in-depth explanation and design pattern for web applications <\/strong>
\nPresented by Chris Seary<\/p>\n

Chris has implemented CAS in several secure enterprise scale web applications. This talk will explain how CAS works, and also give details of a design pattern for implementing CAS in web applications. <\/p>\n

We start by showing a web site being hacked, and then alter the application to stop the hacker while preserving the full functionality of the web site. We also look at OneClick and how it uses Partial Trust.<\/p>\n

Securing Web Services with WS-*<\/strong>
\nPresented by Chris Seary<\/p>\n

Why use WS-Security – surely IPSEc and SSL will secure our site?
\nActually, WS-* specifications provide functionality that network protocols do not. <\/p>\n

We look at what WS-Security can add to web service security, and go through a good deal of sample code (which will be available to download). <\/p>\n

This presentation covers both WSE and WCF. We also look into WS-Federation, and how it is to authenticate users from different domains.<\/p>\n

Managing Identity using Windows Cardspace<\/strong>
\nPresented by Barry Dorrans<\/p>\n

Windows CardSpace is a framework developed by Microsoft which securely stores digital identities of a person, and provides a unified interface for choosing the identity for a particular transaction, such as logging in to a website. <\/p>\n

This talk will cover the identity metasystem, how CardSpace works and how you can use within it ASP.NET.<\/p>\n

BIOGRAPHIES<\/strong>
\nBarry Dorrans has spent 15 years cutting code, starting with mainframes, through DOS, Visual C and MFC before finally ending up on the .NET platform. His experience has ranged from banking systems to Europe’s largest streaming network. He now mentors developers through .NET migrations and Expert Witness services with Charteris plc (http:\/\/www.charteris.com).<\/p>\n

Chris Seary has been awarded the Most Valued Professional (MVP) award by Microsoft for his contributions to the field of application security. He has been securing large scale applications for several years, including the Australian Taxation Office’s mid-range systems, which make up the world’s largest .Net application. He regularly speaks on security, and has had articles published in journals and on MSDN.<\/p>\n

DATE<\/strong>
\nThursday 12th April 2007, 9:00am – 6:30pm.<\/p>\n

Registration begins at 8:45am.<\/p>\n

VENUE<\/strong>
\nMicrosoft Edinburgh,
\n127 George Street,
\nEdinburgh
\nEH2 4JN<\/p>\n

LUNCH<\/strong>
\nApproximately one hour will be set for lunch and a place can be pre-booked at a local restaurant. <\/p>\n

Please let us know if you have any special dietary requirements. <\/p>\n

Lunch is NOT included in the price for this event.<\/p>\n

REGISTRATION<\/strong>
\nPlease send an email to john@scottishdevelopers.com<\/strong> indicating you’d like to register. We’ll then complete the registration and book you a place.<\/p>\n

Technorati Tags: security<\/a>, CAS<\/a>, Code Access Security<\/a>, Barry Dorrans<\/a>, Chris Seary<\/a>, WS-Security<\/a>, IPSec<\/a>, SSL<\/a>, Hacking<\/a>, ASP.NET security<\/a>, Charteris<\/a>, web service security<\/a>, ScottishDevelopers<\/a>, community<\/a>, Scottish Developers<\/a>, UK Community<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Scottish Developers are pleased to announce a full-day security-oriented event<\/a> to be held in Edinburgh on the 12th of April 2007<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,16,21],"tags":[],"class_list":["post-521","post","type-post","status-publish","format-standard","hentry","category-community","category-developer-events","category-security"],"_links":{"self":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=521"}],"version-history":[{"count":0,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/521\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=521"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}