OWASP Los Angeles November Monthly Meeting
Details
After the meeting, join us as Crescent Solutions takes us for drinks at BJs in the Fox Hills mall.
WCF Security – Securing your Service Oriented Architecture
Any Service-Oriented Architecture (SOA) needs to support security features that provide auditing, authentication, authorization, confidentiality, and integrity for the messages exchanged between the client and the service. Microsoft Windows Communication Foundation (WCF) provides these security features by default for any application that is built on top of the WCF framework. In this session, Adnan Masood will discuss the WCF security features related to auditing and logging, authentication, authorization, confidentiality, and integrity.
This talk is focused on WCF security features with code demonstration to use behaviors and bindings toconfigure security for your WCF service. Bindings and behaviors allow you to configure transfer security, authentication, authorization, impersonation, and delegation as well as auditing and logging. This presentation will help you understand basic security-related concepts in WCF, what bindings and behaviors are and how they are used in WCF, authorization and roles in the context of WCF, impersonation and delegation in the context of WCF and what options are available for auditing in WCF.
Targeted towards solution architects and developers, this talk will provide you architectural guidanceregarding authentication, authorization, and communication design for your WCF services, solution patterns for common distributed application scenarios using WCF and principles, patterns, and practices for improving key security aspects in services.
Speakers’ Bio:
Adnan Masood works as a web architect / technical lead for a financial institution where he develops SOA based middle-tier architectures, distributed systems, and web-applications using Microsoft technologies. He is a Microsoft Certified Trainer holding several technical certifications, including MCPD (Enterprise Developer), MCSD .NET, and SCJP-II. Adnan is attributed and published in print media and on the Web; he also teaches Windows Communication Foundation (WCF) courses at the University of California at San Diego and regularly presents at local code camps and user groups. He is actively involved in the .NET community as cofounder and president of the of San Gabriel Valley .NET Developersgroup.
Adnan holds a Master’s degree in Computer Science; he is currently a doctoral student working towards PhD in Machine Learning; specifically discovering interestingness measures in outliers using Bayesian Belief Networks. He also holds systems architecture certification from MIT and SOA Smarts certification from Carnegie Melon University.
