Here is my current list of talks and training:
- "Breaking Web Services," Monday July 7: OWASP Twin Cities - "SOA and Web services promise wonderful interoperability, but distributed systems create lots of room for fantastic failures. This session will explore the gory details of unique vulnerabilities at each layer of the SOA stack - from the WSDL interfaces to XML processing (XSD, XPath and XQuery), to the implementation languages like Java and C#, to new security standards like WS-Security and SAML."
I gave a version of this talk with Brian Chess at the 2008 RSA Conference.
- "Web Services and SSO: There and Back Again" at Ping's SSO Summit. July 25, Keystone, CO - "What happens to your identity information and business data after you press 'SUBMIT' on a website? These bits have a journey as dangerous as Frodo Baggins' travels through Mordor. This talk traces the path from the website through the perils that lurk in the enterprise and legacy systems. We will explore what threats are encountered along the way, and how to design a cost-effective security architecture with Security Token Servers using open standards."
- "SOA, web services, and XML Security" 1-day training at Usenix Security, July 29. This is a public 1-day version of my training; see the link for details.





