SecureIT 2013 - OWASP Web Services Security- Securing Your Service Oriented Architecture

I am confirmed to speak to SecureIT 2013 Conference with OWASP Los Angeles chapter leader, Tin Zaw. Following is the abstract from my talk.

Abstract: Any Service-Oriented Architecture (SOA) needs to support security features that provide auditing, authentication, authorization, confidentiality, and integrity for the messages exchanged between the client and the service. Microsoft Windows Communication Foundation (WCF) provides these security features by default for any application that is built on top of the WCF framework. In this session the presenters will discuss the WCF security features related to auditing and logging, authentication, authorization, confidentiality, and integrity.

This talk is focused on WCF security features with code demonstration to use behaviors and bindings to configure security for your WCF service. Bindings and behaviors allow you to configure transfer security, authentication, authorization, impersonation, and delegation as well as auditing and logging. This presentation will help you understand basic security-related concepts in WCF, what bindings and behaviors are and how they are used in WCF, authorization and roles in the context of WCF, impersonation and delegation in the context of WCF and what options are available for auditing in WCF.

Targeted towards solution architects and developers, this talk will provide you architectural guidance regarding authentication, authorization, and communication design for your WCF services, solution patterns for common distributed application scenarios using WCF and principles, patterns, and practices for improving key security aspects in services.



Adnan Masood, MS. MCSD.

Senior Software Architect at Greendot Corp., Chapter Leader and President Pasadena.NET Developers Group


Chapter Leader and President OWSAP- LA