addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupsimageimagesinstagramlinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1outlookpersonJoin Group on CardStartprice-ribbonImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruseryahoo

OWASP Los Angeles November Monthly Meeting

After the meeting, join us as Crescent Solutions takes us for drinks at BJs in the Fox Hills mall.

WCF Security – Securing your Service Oriented Architecture

Any Service-Oriented Architecture (SOA) needs to support security features that provide auditing, authentication, authorization, confidentiality, and integrity for the messages exchanged between the client and the service. Microsoft Windows Communication Foundation (WCF) provides these security features by default for any application that is built on top of the WCF framework. In this session, Adnan Masood will discuss the WCF security features related to auditing and logging, authentication, authorization, confidentiality, and integrity.

This talk is focused on WCF security features with code demonstration to use behaviors and bindings toconfigure security for your WCF service. Bindings and behaviors allow you to configure transfer security, authentication, authorization, impersonation, and delegation as well as auditing and logging. This presentation will help you understand basic security-related concepts in WCF, what bindings and behaviors are and how they are used in WCF, authorization and roles in the context of WCF, impersonation and delegation in the context of WCF and what options are available for auditing in WCF.

Targeted towards solution architects and developers, this talk will provide you architectural guidanceregarding authentication, authorization, and communication design for your WCF services, solution patterns for common distributed application scenarios using WCF and principles, patterns, and practices for improving key security aspects in services.

Speakers’ Bio:

Adnan Masood works as a web architect / technical lead for a financial institution where he develops SOA based middle-tier architectures, distributed systems, and web-applications using Microsoft technologies. He is a Microsoft Certified Trainer holding several technical certifications, including MCPD (Enterprise Developer), MCSD .NET, and SCJP-II. Adnan is attributed and published in print media and on the Web; he also teaches Windows Communication Foundation (WCF) courses at the University of California at San Diego and regularly presents at local code camps and user groups. He is actively involved in the .NET community as cofounder and president of the of San Gabriel Valley .NET Developersgroup.

Adnan holds a Master’s degree in Computer Science; he is currently a doctoral student working towards PhD in Machine Learning; specifically discovering interestingness measures in outliers using Bayesian Belief Networks. He also holds systems architecture certification from MIT and SOA Smarts certification from Carnegie Melon University.

Join or login to comment.

  • Adnan M.

    I had a great time last night speaking to OWASP Los Angeles November Monthly Meeting on the topic of WCF Security – Securing your Service Oriented Architecture. The presentation slides and code is now uploaded on my blog at the following link.

    Thanks for inviting me to speak to your user group.

    1 · November 29, 2012

  • Parag K.

    Awesome, loved the presentation , would have loved more internals/sec stuff. Great effort, thanks owasp

    November 29, 2012

  • Mark A.

    Summarized Security issue in SOA and share security risk vs. performance experiences

    November 29, 2012

  • Karl M.


    November 29, 2012

60 went

Our Sponsors

  • OWASP - LA


  • Riot Games

    Our goal is to become the most player-focused company in the world.

  • AsTech

    AsTech helps customers become application security heroes.

  • incapsula


  • Verizon

    Verizon DEFEND - Comprehensive cloud-based WAF and DDoS protection

  • Bugcrowd

    An innovator in crowdsourced security testing for the enterprise.

  • Absolute Software

    Industry standard in endpoint and management solutions

  • Prevoty

  • Whitehat Security

    End-to-end solutions for Web security.

  • GreenSQL

    Database Security and Compliance for EVERY organisation.


    Authentic8 puts you back in control.

  • Guidance Software

    Recognized worldwide as the industry leader in endpoint investigation

  • Check Point

    The worldwide leader in securing the Internet

  • WinMagic

    Makes it easy to secure data!

  • ioActive

    IOActive security consultancy with global presence and deep expertise

  • Contrast Security

    Secure Apps at their Source.

  • Akana


  • Qualys

    QualysGuard Web Application Scanning (WAS)

  • Click below:

  • Cigital, Inc

    The world’s largest consulting firm specializing in software security

  • Trend Micro

    A global leader in security software

  • Checkmarx

    Ensures your application remains hacker-proof.

  • SecureAuth

    SecureAuth is a technology leader in enterprise identity governance.

  • Symantec Corporation

    Provide security, storage and systems management solutions

  • BeyondTrust

    The global leader in privileged identity and threat management solutions

  • Security Innovation

    The Application Security Company

  • Palo Alto Networks

    Their Next-Generation Firewall enables applications

  • Arxan Technologies

    Sharing thought leadership & best practices on mobile apps security

  • Bay Dynamics

    IT Analytics

  • Venafi

    Inventor and market leader: Enterprise Key & Certificate Management

  • Trustwave

    Simple solutions to your complex security and compliance challenges

  • Phone Factor

    Multi-factor authentication to protect against today's threats

  • Gemalto

    Gemalto (formerly SafeNet)

  • PhishMe


People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy