Security Track Schedule
Monday, November 7, 2005 — 9:00am - 1:00pm
1000 ASP.NET Fundamentals
Lino Tadros — Falafel Software, Inc.
Type: Preconference Tutorial.
Level: All.
This tutorial covers user controls, caching, state management, session management, database access, ViewState management, templates, Web Service integration, security, performance, optimization, and just plain having fun with ASP.NET.
Prerequisites: Any Web technology background is recommended. Some Microsoft .NET Framework knowledge helpful.
Room: Continental Ballroom 6
3008 Developing Database Applications with the Microsoft .NET Framework
Cary Jensen — Jensen Data Systems, Inc.
Type: Preconference Tutorial.
Level: Intermediate.
Get a head start on developing database applications for the Microsoft .NET Framework in this fast-paced introduction to ADO.NET. This tutorial describes and demonstrates the roles of the most common classes in ADO.NET. Topics include connecting to databases, executing queries, working with result sets, navigating data, creating calculated fields and aggregates, persisting datasets, using views, and synchronizing visual controls. Special attention is paid to best practices in .NET database development. Examples in both Delphi and C# are shown.
Prerequisites: Familiarity with database development issues.
Room: Continental Ballroom 4
Tuesday, November 8, 2005 — 1:30pm - 2:45pm
2106 ASP.NET Web Development with Delphi for the Microsoft .NET Framework
Bob Swart — Bob Swart Training & Consultancy
Type: Regular Session.
Level: Beginning.
In this session, we cover ASP.NET Web development with Delphi for the Microsoft .NET Framework showing how to design ASP.NET Web Forms, session and state management, authorization and authentication (login), and deployment.
Prerequisites: None.
Room: Continental Ballroom 4
3194 Embedded User Authentication in InterBase
Charlie Caro — Borland
Type: Regular Session.
Level: Intermediate.
This session describes the user definition language (UDL) that underlies InterBase embedded user authentication (EUA) introduced in IB7.5. The architecture is designed to be backward compatible with the existing server authentication technique, allowing two-way switching between those alternatives. If time permits, an audience discussion on possible EUA extensions that would improve utility of the feature is also planned.
Prerequisites: Familiarity with database authentication mechanisms.
Room: Continental Parlor 7
Tuesday, November 8, 2005 — 4:45pm - 6:00pm
3106 ASP.NET Web Forms and Databases
Bob Swart — Bob Swart Training & Consultancy
Type: Regular Session.
Level: Intermediate.
In this session, we cover ASP.NET Web Forms and multi-tier databases.
Prerequisites: ASP.NET Web development experience.
Room: Continental Ballroom 6
Wednesday, November 9, 2005 — 12:30pm - 1:15pm
9008 StarTeam Birds-of-a-Feather
John Sileski — Borland
Type: Birds-of-a-Feather.
Level: All.
The topic is StarTeam, but the agenda is open. Come to discuss common issues, ideas, and solutions with other attendees and StarTeam product staff.
Prerequisites: None.
Room: Continental Parlor 9
Wednesday, November 9, 2005 — 1:30pm - 2:45pm
3128 Securing ASP.NET Web Applications
Lino Tadros — Falafel Software, Inc.
Type: Regular Session.
Level: Intermediate.
This session presents countermeasures to defend against threats. Topics include input validation; best practices when working with Microsoft SQL Server, including the use of parameterized commands, stored procedures, accounts with limited privileges, Microsoft Windows; authentication versus SQL Server logins, and secure storage of connection strings; HTML-encoding of user input; vulnerabilities specific to ASP.NET forms authentication and forms authentication cookies; use of encrypted view state rather than hidden fields to maintain state between requests; storage of password hashes rather than passwords for added security; and more.
Prerequisites: Microsoft .NET Framework 1.1 and ASP.NET knowledge preferred.
Room: Continental Ballroom 4
Thursday, November 10, 2005 — 8:00am - 9:15am
3164 Securing Web Services: Protecting Your Enterprise
Dana Kaufman — Forum Systems, Inc.
Type: Regular Session.
Level: Intermediate.
This session explores various methods of securing Web Services to help attendees navigate the confusing path of Web Service standards. Concepts such as WS-Security 2004, SAML, and WS-I Basic Security Profile are examined.
Prerequisites: Basic understanding of Web Services and Web Services/XML concepts such as WSDL, SOAP, Schema, etc.
Room: Continental Parlor 1-2
Thursday, November 10, 2005 — 11:00am - 12:15pm
2144 Web Application Security Vulnerabilities
Neal Ford — ThoughtWorks
Type: Regular Session.
Level: Beginning.
This session highlights common mistakes made by Web programmers stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources.
Prerequisites: None.
Room: Continental Parlor 3
Thursday, November 10, 2005 — 1:15pm - 2:30pm
3166 InterBase Security: A Whole New Ballgame
Bill Todd — The Database Group, Inc.
Type: Regular Session.
Level: Intermediate.
This session focuses on the vast array of new features in InterBase that dramatically improve InterBase security. Topics include embedded user authentication, automatic re-routing of database connections, server-side aliases, database encryption, over-the-wire encryption, and operating system security.
Prerequisites: None.
Room: Continental Parlor 7
<Canceled>
2148 Simplifying Security Administration with Groups, Roles and Permission Sets
Jeff Elkins — American Healthways
Type: Regular Session.
Level: Beginning.
The StarTeam security architecture provides the ability to finely tune access granted by user, group, and object within StarTeam, but although this allows exceptional customization, it can also give rise to overly complex security structures. This session explores the benefits and disadvantages of creating both information-based and role-based StarTeam groups.
Prerequisites: Some experience with the StarTeam security model.