Session Schedule
Well we’re getting the schedule ironed out. My sessions are listed below. You WILL come to them won’t you!
SEC402 Federated Identity in the Cloud
Wednesday, August 25
13:45 - 15:00
Rocky Heckman
Does this sound like you: You want to provide access to your services and applications, without all the head-ache of managing a huge identity store for each organisation you want to do business with. You cringe when people mention Single Sign On and try to hide in the broom closet. In this session we'll discuss how to achieve federated identity management. We'll examine how to use the Azure Access Control Service for authentication to your REST based services. We will also examine how to use ADFS and the Windows Identity Foundation to provide a federated identity and access solution for partners and external clients accessing your self-hosted services and applications.
SEC406 Hacking: Top 5 Attacks and Defences
Thursday, August 26
11:30 - 12:45
Rocky Heckman
Come and see the top five current attacks that hackers are using to break into your organisation. See how they work and how attackers hack applications using them. We'll also show you how to prevent them and how to protect your business critical applications from becoming attack vectors for your organisation. We'll cover SQL Injection Cross-Site Scripting (XSS) Broken Authentication and Session Management Insecure Direct Object References Cross-Site Request Forgery (CSRF)
Comments
Anonymous
September 13, 2010
Hi, Regarding the application you went through in the SEC406 talk, is the source code available. I would like to run a workshop locally and this was ideal to explain many of the concepts I am trying to explain. Excellent talk too!Anonymous
September 13, 2010
HI Ian, I can't give you the specific application I was using in my demo, however you can go through most of the same kind of practice attacks with two cool tools. The first one is the Hello Secure World web site: www.hellosecureworld.com The other one that is very useful for this kind of thing in the OWASP (http://www.owasp.org ) Web Goat project which is a stand-alone web application system used for demonstrating and practicing those types of attacks. ( www.owasp.org/.../Category:OWASP_WebGoat_Project )