
© ICCM 2013

ICCM 2013 Workshops

(Monday Pre-con)

Hands-On Remote Testing for Common Web Application Security Threats

David Rhoades
The proliferation of web-based applications has increased the enterprise's exposure to a variety of threats. There are overarching steps that can and should be taken at various stages in the application's lifecycle to prevent or mitigate these threats, such as implementing secure design and coding practices, performing source code audits, and maintaining proper audit trails to detect unauthorized use.

This workshop, through hands-on labs and demonstrations, will introduce the student to the tools and techniques needed to remotely detect and validate the presence of common security weaknesses in web-based applications. Testing will be conducted from the perspective of the end user (as opposed to a source code audit). Security testing helps to fulfill industry best practices and validate implementation. Security testing is especially useful since it can be done at various phases within the application's lifecycle (e.g. during development), or when source code is not available for review.

This workshop will focus on the most popular and critical threats facing web applications, such as cross-site scripting (XSS) and SQL injection, based on the industry standard OWASP "Top Ten". The foundation learned in this class will enable the student to go beyond the top ten via self-directed learning using other industry resources, such as the OWASP Testing Guide.

Who should attend: People who need to audit web application security, develop web applications, or manage the development of web applications. Some essentials of HTTP will be briefly covered in the course, but it is best if you already have prior experience with HTML and HTTP.

Hands-on Exercises: This one-day workshop will include live demos by the instructor, as well as lab exercises to be performed by the students.

Each student will be given a virtual machine (via DVD or USB) containing an open-source OS (Ubuntu), tools, documentation, and web application targets for a fully self-contained web security testing environment. Training will feature the open-source project “Web Application Security Dojo” (http://dojo.mavensecurity.com).

Students are expected to bring a laptop computer so that they can run the virtual machine image supplied by the instructor. Student system requirements are simple:

  • any operating system that can run the latest stable version of VirtualBox (free from http://www.virtualbox.org/). Currently supported operating systems include Windows, Mac, and Linux.
  • 5 GB of free HD storage
  • 1 GB of RAM (2 GB or more is better)
  • USB port or DVD drive
  • Wi-Fi networking capability

Before the first day of class, students must install the latest stable version of VirtualBox. Also install the latest version of “Oracle VM VirtualBox Extension Pack”. Both are free and found here: http://www.virtualbox.org/wiki/Downloads

Office 365 as a Ministry Collaboration Tool

Mark Johnson and other CIM staff

This session begins with a description of how ministries are using Office 365 as a comprehensive collaboration tool to help them accomplish their ministry goals. Part of this overview covers capabilities and benefits of this platform along with pros and cons of O365 vs. the equivalent on-premise applications. We will discuss the features of the various O365 package options, including pricing impact for a nonprofit ministry.

The session will then turn more technical as we work through planning and implementation of various O365 options, including standalone, simple AD integration, hybrid, and single sign-on scenarios. We will cover various options for test and pilot programs as well. We will also discuss the various migration options and tools available for transition from on-premise and other hosted systems.

To close out the technical portion of this session, we will address ways to help your staff take full ongoing advantage of the O365 collaboration environment. This will include practical resources to help with ongoing training, maintenance and support.

This session will include plenty of time to discuss how the O365 platform may or may not fit the specific real-life scenarios of your own mission organization. So, come prepared with lots of questions. We will also be available throughout the week to dig deeper on any of the topics that come up from this session for which you would like more information.

Developing Data-Centric Applications with Visual Studio, WPF, C#, ADO.NET and SQL Server using the MVVM paradigm

Paul Nielsen, Microsoft MVP
WPF, or Windows Presentation Foundation, is the modern method for developing rich experience (i.e. Fat Client) Windows applications. The primary idea behind WPF is abstraction of the UI from the code. The form is designed using XAML (Extensible Application Markup Language) and data bound to objects in the application. And the result looks great too: instead of writing to the Win32 API, WPF writes to DirectX for performance and pixel scalability.

The problem with WPF is that it has a steep learning curve. You have to understand all of WPF to understand part of WPF.

In this pre-con we’ll walk through the various parts of WPF, show how to best tie the application to a SQL Server database, and explain the popular MVVM method of building WPF applications. You'll leave with several working examples of WPF techniques.

The session does not assume you’ve seen WPF before; however, some exposure to Windows development, C#, and SQL Server will be useful.