Scottish Developers are pleased to announce a full-day security-oriented event to be held in Edinburgh on the 12th of April 2007
You’ve taken the courses, you’ve scoured the Internet, you’ve attended many presentations, but alas, you still have many unanswered questions about website security.
Scottish Developers have secured the support of two consultants from Charteris plc, a respected IT and Managemant Consultancy and Microsoft Gold Partner. Barry Dorrans and Chris Seary are security specialists who regularly speak on subjects relating to the securing of web applications.
Come along on the 12th April for a full day of presentations and demonstrations surrounding the real world implications of the most common .NET web techologies: learn about the best practices, issues, gotchas, etc.
Bring along your questions and problems to gain assistance in finding solutions.
AGENDA
08:45 Registration
09:00 Hacking websites for fun and profit
10:30 Break
11:00 Securing applications and communications in ASP.NET
12:30 Lunch
13:30 Code Access Security – in-depth explanation and design pattern for web applications
15:00 Break
15:15 Securing Web Services with WS-*
16:45 Break
17:00 Managing Identity using Windows Cardspace
18:30 Close
– These are rough timings. Some session may end earlier or run later. We aim to shape the day around people’s need, not a time schedule!
Hacking websites for fun and profit
Presented by Barry Dorrans
How safe are your web sites?
Do you know what cross site scripting is?
SQL injection attacks?
Search engine leaks?
Learn how to check your sites for nasties by seeing how it’s done against badly written code and what you can do to secure your sites.
Securing applications and communications in ASP.NET
Presented by Barry Dorrans
This session aims to provide you with recipes to secure your asp.net application architecture, be they internet, extranet or intranet exposed. Covering authentication and authorisation strategies, identity management, securing communications, secrets, viewstate and more the session will discuss common best practices for secure architecture of ASP.NET applications.
Code Access Security – in-depth explanation and design pattern for web applications
Presented by Chris Seary
Chris has implemented CAS in several secure enterprise scale web applications. This talk will explain how CAS works, and also give details of a design pattern for implementing CAS in web applications.
We start by showing a web site being hacked, and then alter the application to stop the hacker while preserving the full functionality of the web site. We also look at OneClick and how it uses Partial Trust.
Securing Web Services with WS-*
Presented by Chris Seary
Why use WS-Security – surely IPSEc and SSL will secure our site?
Actually, WS-* specifications provide functionality that network protocols do not.
We look at what WS-Security can add to web service security, and go through a good deal of sample code (which will be available to download).
This presentation covers both WSE and WCF. We also look into WS-Federation, and how it is to authenticate users from different domains.
Managing Identity using Windows Cardspace
Presented by Barry Dorrans
Windows CardSpace is a framework developed by Microsoft which securely stores digital identities of a person, and provides a unified interface for choosing the identity for a particular transaction, such as logging in to a website.
This talk will cover the identity metasystem, how CardSpace works and how you can use within it ASP.NET.
BIOGRAPHIES
Barry Dorrans has spent 15 years cutting code, starting with mainframes, through DOS, Visual C and MFC before finally ending up on the .NET platform. His experience has ranged from banking systems to Europe’s largest streaming network. He now mentors developers through .NET migrations and Expert Witness services with Charteris plc (http://www.charteris.com).
Chris Seary has been awarded the Most Valued Professional (MVP) award by Microsoft for his contributions to the field of application security. He has been securing large scale applications for several years, including the Australian Taxation Office’s mid-range systems, which make up the world’s largest .Net application. He regularly speaks on security, and has had articles published in journals and on MSDN.
DATE
Thursday 12th April 2007, 9:00am – 6:30pm.
Registration begins at 8:45am.
VENUE
Microsoft Edinburgh,
127 George Street,
Edinburgh
EH2 4JN
LUNCH
Approximately one hour will be set for lunch and a place can be pre-booked at a local restaurant.
Please let us know if you have any special dietary requirements.
Lunch is NOT included in the price for this event.
REGISTRATION
Please send an email to john@scottishdevelopers.com indicating you’d like to register. We’ll then complete the registration and book you a place.
Technorati Tags: security, CAS, Code Access Security, Barry Dorrans, Chris Seary, WS-Security, IPSec, SSL, Hacking, ASP.NET security, Charteris, web service security, ScottishDevelopers, community, Scottish Developers, UK Community