PSQT 2008 West
May 5-9, 2008
Las Vegas, NV


Eric Newcomer
Chief Technology Officer at IONA
Presentation: Meeting New Challenges in Testing Service Oriented Architectures

The trend toward Service Oriented Architecture (SOA) addresses major IT requirements for agility, innovation, cost reduction, and improved efficiency through the design and development of shared, reusable services. The majority of early adopters have confirmed the benefits of SOA, but their experiences indicate that SOA projects present some new challenges for testing methodologies and technologies. This presentation briefly introduces the major concepts of SOA, explains how and why SOA is different from previous IT trends, and what the impact of this difference is on the development, management, and testing lifecycle. Finally the presentation will review some successful testing strategies employed in real SOA projects.

Participants will learn:

  • Basic SOA concepts and definitions
  • How and why the SOA trend is different than previous IT trends
  • Examples of successful testing strategies for SOA based projects

Biography:

In his role as Chief Technology Officer at IONA, Eric is responsible for IONA's technology and product strategy and participation in standards bodies.

Eric joined IONA in November 1999, after nearly 16 years at Digital/Compaq, as the company's transaction processing architect, and also served as IONA's Vice President of Engineering, Web Services Integration Products.

Eric has contributed to many transaction processing, middleware, and Web services standardization and product development activities. He is currently a member of the Eclipse and OSGi Boards, and co-chair of the OSGi Enterprise Expert Group. He is well known for his expertise in SOA, Web services, and transaction processing.

Eric is the author of Understanding Web Services (published in May 2002 by Addison-Wesley), co-author with Phil Bernstein of Principles of Transaction Processing (published in January 1997 by Morgan Kaufmann), and co-author with Greg Lomow of Understanding SOA with Web Services, published by Addison-Wesley in December 2004.

Billy Hoffman
Lead Security Researcher, HP Software
Presentation: Implementing Application Security: A Multi-Disciplinary Approach

Application security is neither a development problem nor an IT operations problem. Rather, it is a business problem requiring a multi-disciplinary approach. Gone are the days when anyone involved in the software development lifecycle (SDLC) can assume that security is 'someone else's job'. Security is now everyone's responsibility, from developers to the QA team to management. Security must be 'baked in' to applications, not 'brushed on' to completed applications. This approach requires a commitment to application security at all levels of management and offers the promise of a mature level of security without undue effect on the overall development process. This presentation will detail common web application vulnerabilities, investigate case studies, and propose enterprise solutions for 'baking' security into the SDLC.

Participants will learn:

  • Common web application vulnerabilities
  • The key components of application quality when it comes to web apps and services
  • New techniques for ensuring Web 2.0 application security

Outline:

  • Network vs. Application Security – Define and contrast
    • What is Network Security?
    • What is Application Security?
    • Why solutions for network security are failing at the application layer
  • Application Vulnerabilities
    • Vulnerability Classes
      • MITRE Vulnerability Statistics
      • 2007 OWASP Top 10
      • WASC Stats
    • Case study - RI.gov Compromise
  • Application Development
    • Pillars of Application Quality
      • People, Process and Tools
      • Vuln. Discovery Methodologies
    • Roles in the SDLC
    • Building a security development lifecycle
  • Web 2.0
    • What is Web 2.0?
      • Web 1.0 vs. Web 2.0
      • Who's using it
    • Impact on security
      • What does Web 2.0 change?
      • What doesn't Web 2.0 change?
    • Conclusion

Biography:

Billy Hoffman is a Lead Security Researcher for HP Software. Prior to his role at HP, Billy was a lead security researcher for SPI Dynamics, which was acquired by HP in August 2007. Billy focuses on automated discovery of Web application vulnerabilities and crawling technologies. He has been a guest speaker at AJAXWorld, Black Hat, Black Hat Federal, Toorcon, Shmoocon, O'Reilly's Emerging Technology Conference, The 5th Hope, and several other conferences. His work has been featured in Wired, Make magazine, Slashdot, G4TechTV, and various other journals and Web sites. Topics have included reverse engineering law and techniques, ATMs, XM Radio, and magstripe projects. In addition, Billy is a reviewer of white papers for the Web Application Security Consortium (WASC), and is a creator of Stripe Snoop, a suite of research tools that captures, modifies, validates, generates, analyzes, and shares data from magstripes. He also spends his time contributing to OSS projects and writes articles under the handle Acidus, and recently co-authored a book on AJAX Security for publisher Addison-Wesley Professional, which was released late in 2007.