Security issues for developers using Microsoft technologies
Technologies & Applications Spring 2012 Seminar Series
- When?
- Friday 4 May 2012, 10:00 to 12:00
- Where?
- 39 BB 02
- Open to:
- Public, Staff, Students
- Speaker:
- Chris Seary, Consultant, Charteris
His first presentation will demonstrate application security threats, showing actual code exploits and how they can be prevented. This is based on Chris' experience as a security consultant, and also his time working as a developer. The presentation will involve actual demonstrations of various types of web site attack, with full code examples. Chris will then proceed to give an overview of the secure application lifecycle within a large organisation, and some of the issues faced. How do banks keep ahead of both external attackers and internal threats, such as rogue traders?
The second presentation will look at application specific methods for securing communications. This will delve into subjects such as WS-Security and WS-Federation. This is true application-level security, incorporating XML encryption methods. Many third party applications now offer a WS-Security authentication suite, allowing complex web service security facilities, such as federated identity.
Biography
Chris Seary is a CLAS Consultant, and was an MVP in Developer Security for 5 years. He is an independent consultant, providing security advice to government and the financial industry, and he regularly speaks and writes on security related matters for organizations such as Microsoft. He has worked in various countries, designing and implementing security solutions for large government and private sector organizations, including the Australian Taxation Office, Microsoft Consulting and The Royal Bank of Scotland.