Speaking
Speaking @ SoCal .NET Architecture Users Group – Implementing SOA Design Patterns with WCF
I will be speaking at the next SoCal IASA chapter meeting, which will be on Thursday, May 17, 2012 at Rancho Santiago Community College District, 2323 N. Broadway, Santa Ana. Meeting starts at 7:00 pm iA, pizza and networking 6:30 pm. RSVP by emailing mike.vincent@mvasoftware.com if you plan to attend.
Implementing SOA Design Patterns with WCF
Service Oriented Architecture (SOA) is an architectural design pattern whose design is determined by a few guiding principles, mainly (a) Service compatibility is determined based on policy, (b) Services share schema and contract, not class, (c) Services are Autonomous and (d) Boundaries are Explicit. Implementation of these so-called SOA tenets requires a powerful framework which provides a unified programming model, reliable messaging, security, workflow service, interoperability and integration, syndication, metadata exploration support, service versioning, RESTful endpoints and many other modern connected systems features. Both Service-Orientation and the Windows Communication Foundation (WCF) offer the promise of greater interoperability and ease of integration, but in order to realize benefits such as these we must evolve the way we architect solutions.
This session will be a hands-on introduction to SOA with Windows Communication Foundation. The speaker presents patterns using WCF that allow you to define descriptive, maintainable, yet extensible contracts and implement the SOA tenets. Since SOA promotes loose coupling at the transport layer, you’ll learn how to create loosely coupled systems and the difference between a web reference, a service reference and ChannelFactory. The attendees will learn how to avoid anti-patterns and leverage WCF to create extensible, versioned, responsive, interoperable, and easy-to-maintain services.
Resources – talk @ 10th Annual SecureIT conference
Following are the resources from my and Tin Zaw’s talk @ 10th Annual SecureIT conference – “Practical Web Application Security and OWASP Top 10 implementation on Microsoft Platform”
- OWASP Top 10 Presentation
- AppSec Tutorial Videos
- OWASP Cheat Sheets
- ASP.NET MVC Best Practices
- Microsoft Partners in Learning
- OWASP 2010 Top 10 Cheat Sheet
- Free eBook: OWASP Top 10 for .NET developers
- Troy Hunt (MVP) OWASP Related posts
- Anti-Forgery Request Recipes For ASP.NET MVC And AJAX
- Microsoft Security Development Lifecycle
- Authorize Attribute
- OWASP Webgoat Project
- Keep your .config clean with external config files
- jQuery Ajax calls and the Html.AntiForgeryToken()
- Does ASP.NET Viewstate implicitly prevent CSRF attacks? What does this mean for MVC?
- Protecting against CSRF attacks in ASP.Net MVC
- Anatomy of a Cross-site Request Forgery Attack
- webgoat.mvc (kahanu fork - complete)
- Step by Step improvement in Guarding against CSRF in MVC
Happy Secure Coding!
Speaking @ 10th Annual SecureIT conference – “Practical Web Application Security and OWASP Top 10 implementation on Microsoft Platform”
On March 18th, I will be speaking at the 10th Annual SecureIT conference in a workshop titled “Practical Web Application Security and OWASP Top 10 implementation on Microsoft Platform”. This is a joint session with Tin Zaw, chapter leader and president of OWASP LA.
Here is the abstract.
Practical Web Application Security and OWASP Top 10 implementation on Microsoft Platform
Presenters: Adnan Masood, Tin Zaw
This session is a hands-on introduction to the web application security threats using the OWASP top 10 list of potential security flaws. The OWASP Top Ten provides a powerful awareness list for web application security and represents a broad consensus about what the most critical web application security flaws are.
Focusing on the Microsoft platform with examples in ASP.NET and ASP.NET MVC, we will go over some of the common exploits and techniques for writing secure code in the light of the OWASP Top 10. In this code-centric talk, we will discuss built-in security features of ASP.NET and MVC such as the cross-site request forgery token and secure cookies, and how to leverage them to write secure code. The OWASP Top 10 Web Application Security Risks for 2010 which will be covered in this presentation include Injection flaws, Cross-Site Scripting (XSS), Broken Authentication and Session Management, Insecure Direct Object References, Cross-Site Request Forgery (CSRF), Security Misconfiguration, Insecure Cryptographic Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection and Unvalidated Redirects and Forwards.
Session Notes – Practical AppFabric @ Southern California .NET Developers Group
Last night I presented on AppFabric at the Southern California .NET Developers Group in Buena Park. This talk was an expanded version of my earlier talk at the code camp last weekend. I got a chance to talk a little more about network topology and enterprise load balancing scenarios where AppFabric caching and session management really help. I also touched upon a few topics including the AppFabric Caching Admin tool, Concurrency Models (Windows Server AppFabric Caching), Windows Server AppFabric Caching Concepts, Windows Server AppFabric Caching Logical Architecture, Windows Server AppFabric Caching Physical Architecture and Concepts and Architecture for AppFabric design and deployment. My recently submitted tip on Code Project regarding Windows Server AppFabric Service Validation was also demonstrated.
Last but not least, one of the attendees brought up an excellent question of how to handle HIPAA and PCI compliant data in the cloud. To the best of my knowledge, based on my last conversations at the cloud summit in LA, the best approach is to do a hybrid cloud implementation, i.e. public cloud CDN style for the public-facing sites while keeping the sensitive data in-house where your internal data center is PCI/HIPAA compliant. Feel free to check with Lynn since she has been following this area closely.
Thanks to the great audience including celebrities like Jeremy Clark. Special thanks to Art Villa and Janet Chung for the speaking opportunity. For links and code samples, please see my previous talk.
Session Notes – Practical AppFabric @ SoCal Code Camp Fullerton
One of the great benefits of speaking to a group of peer developers and engineers is the valuable feedback and learning. In yesterday’s session on Practical AppFabric Caching, there were various great questions from the audience pertaining to AppFabric development, deployment and configuration in the wild. The questions were about use of local cache, the AppFabric security model, local cache vs. global cache scenarios, high availability, performance monitoring and health monitoring / SCOM in AppFabric. I am planning to do detailed blog posts on these topics in the near future; but for now, these links should answer the immediate concerns.
As discussed, AppFabric 1.1 can be downloaded from here. It adds read-through and write-behind provider support, graceful shutdown, domain account support, new ASP.NET session state and output caching providers, compression and multiple cache client application configuration sections to the existing AppFabric feature set. The sample app can be downloaded from here: CacheWebAppSample.
Links
- AppFabric Home @ Microsoft
- Caching Algorithms
- Installing, Configuring and Using Windows Server AppFabric and the “Velocity” Memory Cache in 10 minutes
- Microsoft Windows Server AppFabric Cookbook
- AppFabric Cache Feature Comparisons
- Velocity vs. HA Velocity
- Windows Server AppFabric Introduction
- AppFabric Client API
- Windows Server AppFabric Learning Center

