Security Track

Legend

Occasionally changes occur in speakers, sessions and times. Please make sure to update your conference plans.

View Sessions by Course Number        View Sessions by Date

An asterisk (*) in the title indicates that the session is offered multiple times.

1000  ASP.NET Fundamentals
Lino Tadros — Falafel Software, Inc.
IDE Borland Delphi Delphi C# Distributed Computing Microsoft Windows (including .NET Framework) Programming Security User Interfaces Web Development (including Web Services) XML
Type: Preconference Tutorial. Level: All.
This tutorial covers user controls, caching, state management, session management, database access, ViewState management, templates, Web Service integration, security, performance, optimization, and just plain having fun with ASP.NET.
Prerequisites: Any Web technology background is recommended. Some Microsoft .NET Framework knowledge helpful.
1000 Monday, November 7, 2005 — 9:00am - 1:00pm
Room: Continental Ballroom 6

2106  ASP.NET Web Development with Delphi for the Microsoft .NET Framework
Bob Swart — Bob Swart Training & Consultancy
IDE Borland Delphi Delphi Microsoft Windows (including .NET Framework) Programming Security Web Development (including Web Services)
Type: Regular Session. Level: Beginning.
In this session, we cover ASP.NET Web development with Delphi for the Microsoft .NET Framework showing how to design ASP.NET Web Forms, session and state management, authorization and authentication (login), and deployment.
Prerequisites: None.
2106 Tuesday, November 8, 2005 — 1:30pm - 2:45pm
Room: Continental Ballroom 4

2144  Web Application Security Vulnerabilities
Neal Ford — ThoughtWorks
JBuilder Java Best Practices Distributed Computing Java Platform Quality Security Web Development (including Web Services)
Type: Regular Session. Level: Beginning.
This session highlights common mistakes made by Web programmers stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources.
Prerequisites: None.
2144 Thursday, November 10, 2005 — 11:00am - 12:15pm
Room: Continental Parlor 3

2148  Simplifying Security Administration with Groups, Roles and Permission Sets  Session Change
Jeff Elkins — American Healthways
Application Lifecycle StarTeam Best Practices Security
Type: Regular Session. Level: Beginning.
The StarTeam security architecture provides the ability to finely tune access granted by user, group, and object within StarTeam, but although this allows exceptional customization, it can also give rise to overly complex security structures. This session explores the benefits and disadvantages of creating both information-based and role-based StarTeam groups.
Prerequisites: Some experience with the StarTeam security model.
2148 canceled Time Change

3008  Developing Database Applications with the Microsoft .NET Framework
Cary Jensen — Jensen Data Systems, Inc.
IDE Borland Delphi Delphi C# Best Practices Database Microsoft Windows (including .NET Framework) Programming Security Web Development (including Web Services) XML
Type: Preconference Tutorial. Level: Intermediate.
Get a head start on developing database applications for the Microsoft .NET Framework in this fast-paced introduction to ADO.NET. This tutorial describes and demonstrates the roles of the most common classes in ADO.NET. Topics include connecting to databases, executing queries, working with result sets, navigating data, creating calculated fields and aggregates, persisting datasets, using views, and synchronizing visual controls. Special attention is paid to best practices in .NET database development. Examples in both Delphi and C# are shown.
Prerequisites: Familiarity with database development issues.
3008 Monday, November 7, 2005 — 9:00am - 1:00pm
Room: Continental Ballroom 4

3106  ASP.NET Web Forms and Databases
Bob Swart — Bob Swart Training & Consultancy
IDE Borland Delphi Delphi Database Microsoft Windows (including .NET Framework) Programming Security Web Development (including Web Services)
Type: Regular Session. Level: Intermediate.
In this session, we cover ASP.NET Web Forms and multi-tier databases.
Prerequisites: ASP.NET Web development experience.
3106 Tuesday, November 8, 2005 — 4:45pm - 6:00pm
Room: Continental Ballroom 6

3128  Securing ASP.NET Web Applications
Lino Tadros — Falafel Software, Inc.
IDE Borland Delphi Delphi C# Microsoft Windows (including .NET Framework) Programming Security Tools User Interfaces Web Development (including Web Services)
Type: Regular Session. Level: Intermediate.
This session presents countermeasures to defend against threats. Topics include input validation; best practices when working with Microsoft SQL Server, including the use of parameterized commands, stored procedures, accounts with limited privileges, Microsoft Windows; authentication versus SQL Server logins, and secure storage of connection strings; HTML-encoding of user input; vulnerabilities specific to ASP.NET forms authentication and forms authentication cookies; use of encrypted view state rather than hidden fields to maintain state between requests; storage of password hashes rather than passwords for added security; and more.
Prerequisites: Microsoft .NET Framework 1.1 and ASP.NET knowledge preferred.
3128 Wednesday, November 9, 2005 — 1:30pm - 2:45pm
Room: Continental Ballroom 4

3164  Securing Web Services: Protecting Your Enterprise
Dana Kaufman — Forum Systems, Inc.
JBuilder Borland Delphi Delphi Java Distributed Computing Microsoft Windows (including .NET Framework) Java Platform Security Web Development (including Web Services) XML
Type: Regular Session. Level: Intermediate.
This session explores various methods of securing Web Services to help attendees navigate the confusing path of Web Service standards. Concepts such as WS-Security 2004, SAML, and WS-I Basic Security Profile are examined.
Prerequisites: Basic understanding of Web Services and Web Services/XML concepts such as WSDL, SOAP, Schema, etc.
3164 Thursday, November 10, 2005 — 8:00am - 9:15am
Room: Continental Parlor 1-2 Time Change

3166  InterBase Security: A Whole New Ballgame  Session Change
Bill Todd — The Database Group, Inc.
Application Middleware InterBase Database Security
Type: Regular Session. Level: Intermediate.
This session focuses on the vast array of new features in InterBase that dramatically improve InterBase security. Topics include embedded user authentication, automatic re-routing of database connections, server-side aliases, database encryption, over-the-wire encryption, and operating system security.
Prerequisites: None.
3166 Thursday, November 10, 2005 — 1:15pm - 2:30pm
Room: Continental Parlor 7

3194  Embedded User Authentication in InterBase  Session Change
Charlie Caro — Borland
Application Middleware InterBase Database Security
Type: Regular Session. Level: Intermediate.
This session describes the user definition language (UDL) that underlies InterBase embedded user authentication (EUA) introduced in IB7.5. The architecture is designed to be backward compatible with the existing server authentication technique, allowing two-way switching between those alternatives. If time permits, an audience discussion on possible EUA extensions that would improve utility of the feature is also planned.
Prerequisites: Familiarity with database authentication mechanisms.
3194 Tuesday, November 8, 2005 — 1:30pm - 2:45pm
Room: Continental Parlor 7

9008  StarTeam Birds-of-a-Feather  New Session
John Sileski — Borland
Application Lifecycle StarTeam Best Practices Distributed Computing Methodologies Performance Process Quality Security Tools General
Type: Birds-of-a-Feather. Level: All.
The topic is StarTeam, but the agenda is open. Come to discuss common issues, ideas, and solutions with other attendees and StarTeam product staff.
Prerequisites: None.
9008 Wednesday, November 9, 2005 — 12:30pm - 1:15pm
Room: Continental Parlor 9 Time Change

Legend

All speakers, programs, and descriptions subject to change.