Thursday, July 4, 2002

Happy belated birthday, Sam Gentile! I'm not sure how belated, because I'm 12 hours ahead of him right now... my internal clock is topsy-turvy. 10:40:50 PM

David Rhoades of Maven Security gave a great talk this morning where he demonstrated the use of various tools to modify HTTP requests in-transit and audit the security of a web application. HTTPush is a very powerful proxy application--after you click a link or submit a form, it takes you to an HTML form where you can tweak various aspects of the request (cookies, form data, etc.) before it's actually sent to the web server. It was a very illuminating talk. David is involved in the OWASP project, which you must check out if you want to learn more about web application security. 2:12:28 PM

I'm having a great time at this conference. There are speakers from Microsoft, IBM, BEA, and Sun, and a lot of talk about Web Services. Between Q&A, breaks, and lunch, people have had lots of opportunities to talk to each other. It is so important to get competing players in the same room, clear the air of FUD, and talk to each other about the real issues. I'll be moderating a panel this afternoon where those speakers will sit down and talk about .NET/J2EE interop. 2:08:34 PM

I'm at the National Web Security 2002 conference, at Colin Png's talk on Integrating Web Services - a holistic approach. He just mentioned something that really caught my attention: ".NET MySingapore: Aggregated and Connected Citizen Communities Services." I'll have to find more information about that. Colin is the Director for .NET and Developer, Microsoft Asia. 1:56:57 PM