Monday, March 03, 2003

Keith Brown (DevelopMentor) Knows Security Reminiscent of the "Bo Knows" commercials of the early 1990s: Keith knows Security. I've been a big fan of Keith Brown ever since reading "Programming Windows Security" two years ago. Last week, I was fortunate enough to attend a presentation he gave entitled, "Countermeasures in Secure Computer Systems." His presentation focused on the obstacles we face when dealing with security - citing many of the cultural, economic, and technical issues in a typical IT environment. He also described the kinds of steps we need to take in order to build and maintain secure computer system. Keith summarized these steps in four key points: proaction, prevention, detection, and reaction. Keith is an excellent speaker. I was very impressed by his knowledge of the security theory and practice. I was also impressed with a fantastic SQL injection attack his used as an example to gain administrator-level access to a remote machine. Great stuff. 9:30:43 AM    comment []

More WS-* Specifications From BEA WS-Callback, WS-MessageData, and WS-Acknowledgement 9:13:57 AM    comment []

Dan Wahlin Tutorials on WS-Security in WSE http://www.xmlforasp.net/codeSection.aspx?csID=81 "Interested in learning more about using Microsoft's Web Service Enhancements (WSE) to secure Web Services? In this video tutorial from the XML for ASP.NET Developers website (http://www.XMLforASP.NET/), Dan Wahlin walks you through how to use WSE classes to authenticate Web Service callers." 9:11:42 AM    comment []