Speaking at WinDev!

i am speaking at this years windev in boston. both talks are in keith brown’s security track. cool!


Designing Application Managed Authorization

Authorization is a task which every programmer has to face sooner or later. While authentication is handled in most situations by the operating system, authorization concepts have to be designed on a per application basis. The .NET Framework provides various authorization mechanisms to control the

functionality of applications so that they behave as intended and cannot be misused either accidentally or deliberately. These include role based access checks using windows or non windows accounts, Microsoft Authorization Manager, COM+ role based security and code access security authorization.

This talk provides guidelines for designing and coding application-managed authorization for single or multi-tier applications that are based on .NET. It focuses on common authorization tasks and scenarios, and it provides information that helps you choose the best approaches and techniques.


Improving Application Security through Pen-Testing

Application programmers usually focus on normal execution paths, attackers on error conditions.

Penetration Testing is the process of analyzing applications and infrastructures through the eyes of an attacker and to use exactly the same techniques and tools these people would use. This talk gives the theory behind auditing and penetration/security testing and introduces proven methodologies.
Common programming pitfalls like input validation flaws including sql injection, cross site scripting and directory traversal, asp.net misconfigurations and overall “hackable” application designs are shown with a detailed explanation how to exploit these security holes.

After this session you will have the knowledge to start testing your own applications for security problems and using tools to automate these tests.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s