I’m going to be presenting at SD Best Practices 2007 in Boston in September.
The gist of the talk is to address application security as an architecture issue. The Model-View-Controller architecture shows up in a lot of web frameworks, and in the talk I discuss common security patterns that make sense, both for people who develop MVC frameworks and people who develop applications using MVC frameworks.
This diagram, which I thought of over breakfast one morning, was the “A-Ha!” moment for this topic. I wondered, what are the ideal places to fit security code into MVC? In my presentation, I talk about why each piece goes where it does. I also dig into some real-world examples (Ruby on Rails, Struts, ASP.NET) that do and don’t implement these security patterns.
My colleague from Foundstone, Rudolph Araujo, is also presenting there. I have no doubt that his talk on Security Code Reviews will be filled with insight and real-world experience.
Send me an email if you’re going to be at the show or at TechMash and want to meet up.