Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Web Services Edge East and Cabana Night

Saturday, February 19, 2005

 .NET  Personal  Security  Service Orientation (SO)  Web Services 

I was at the Sys-Con Web Services Edge East 2005 in Boston for a couple of days this week. I had some work to finish for a couple of my clients, so I couldn't attend the entire conference, but what I saw was great. Some of my favorite parts were watching Michael Stiefel's talk on SOA and WSE2 and one of my heroes from my transaction study days: Eric Newcomer's talk on service orientation and a working SOA. I really wanted to see Julia Lerman's WSE2 talk, but had to miss it because of work -- bummer!

The biggest highlight for me was attending Patrick Hynds and Duane LaFlotte's security talk on "Security: The New Reality". They are also giving this talk at DevTeach. There were some impressive hacks and defense techniques shown, but one hack I especially "liked" (and you should defend against) is Duane's uploading of an ASP.NET (ASPX) page to a web site, and using it to traverse the file system to obtain anything he wanted off the web server!

While at the conference, I enjoyed catching up with Julie, Michael, Thom Robbins, Patrick, Duane, as well as meeting Derek Ferguson and G. Andrew Duthie for the first time. Look for an article on SQL Injection to come out soon in the .NET Developers Journal that I am working on with Patrick and Duane.

On Wednesday night, several of us attended the Cabana Night (sponsored by INETA). I was going to be in the Security room as an expert, but at the last minute, I learned that the C# room needed someone, and Michael and I stepped in to fill the gap. Most of the questions dealt with books and other resources to get past the basics of C#, and into the advanced particulars of .NET. Both Michael and I agreed that you must always make sure you understand the CLR first (yes, and IL) before venturing out, as it will make understanding the advanced topics that much easier. Unfortunately, as it was last minute, we didn't have anything prepared for C# 2.0 information, but we had internet access and pointed to some good resources (specs, blogs, etc.) to get up to speed on the areas we were not as familiar with that night.

All in all, it was a great couple of days for me to catch up with some folks and learn a few things as well.
