http://blogs.msdn.com/varun_sharma/archive/tags/Security+Conference_2F00_+Workshop/default.aspxTags: Security Conference/ Workshopen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/varun_sharma/archive/2009/06/20/technet-webcast-configuring-with-least-privilege-in-sql-server-2008.aspxSat, 20 Jun 2009 23:00:09 GMT91d46819-8472-40ad-a661-2c78acb4018c:9793958Varun Sharma0http://blogs.msdn.com/varun_sharma/comments/9793958.aspxhttp://blogs.msdn.com/varun_sharma/commentrss.aspx?PostID=9793958<p>I recently presented a TechNet Webcast on the topic “Configuring with Least Privilege in SQL Server 2008”. </p> <p>The topics covered in the Webcast are:-</p> <p>1. Configuring SQL Server service accounts with least privilege. Service isolation is also explained. </p> <p>2. Configuring accounts connecting to SQL Server from a Web application (Principals) with least privilege. </p> <p>3. Running xp_cmdshell with a proxy so that the account invoking xp_cmdshell need not be a sysadmin.</p> <p>4. Running SQL Server jobs with least privilege. </p> <p>The Webcast can be viewed here:-</p> <p><a title="http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&amp;EventID=1032415807&amp;CountryCode=US" href="http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&amp;EventID=1032415807&amp;CountryCode=US">http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&amp;EventID=1032415807&amp;CountryCode=US</a></p><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9793958" width="1" height="1">Least PrivSecurity Conference/ Workshophttp://blogs.msdn.com/varun_sharma/archive/2009/02/16/virtual-techdays-top-5-web-application-security-bugs-in-custom-code.aspxMon, 16 Feb 2009 07:23:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:9425301Varun Sharma1http://blogs.msdn.com/varun_sharma/comments/9425301.aspxhttp://blogs.msdn.com/varun_sharma/commentrss.aspx?PostID=9425301<P>Microsoft <A href="http://www.virtualtechdays.com/home.aspx" mce_href="http://www.virtualtechdays.com/home.aspx">Virtual TechDays</A> is starting from the 18th February 09. In the <A href="http://www.virtualtechdays.com/Agenda.aspx?Event=10" mce_href="http://www.virtualtechdays.com/Agenda.aspx?Event=10">security track</A>, I will be presenting on the topic “Top 5 Web Application Security bugs in custom code”. As a security engineer in the <A class="" href="http://blogs.msdn.com/ace_team" mce_href="http://blogs.msdn.com/ace_team">ACE Team</A>, I have been reviewing line-of-business applications for the past two years. In this presentation, I will talk about the most common security mistakes that developers make while writing code. Since developers from various geographical locations tend to make the same mistakes, the audience can take back a lot of practical knowledge and apply it to secure their applications. </P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9425301" width="1" height="1">Security Conference/ Workshophttp://blogs.msdn.com/varun_sharma/archive/2008/11/24/nasscom-dsci-information-security-summit-2008-security-tutorial.aspxMon, 24 Nov 2008 14:38:13 GMT91d46819-8472-40ad-a661-2c78acb4018c:9136839Varun Sharma2http://blogs.msdn.com/varun_sharma/comments/9136839.aspxhttp://blogs.msdn.com/varun_sharma/commentrss.aspx?PostID=9136839<p></p> <p>My colleague Sagar and I will be conducting an application security workshop at the NASSCOM – DSCI Information Security Summit 2008 on the 1st December in IIIT, Hyderabad, India. </p> <p>More information can be found here:- </p> <p></p> <p></p> <p><a title="http://www.nasscom.in/Nasscom/Templates/CustomEvents.aspx?id=55164" href="http://www.nasscom.in/Nasscom/Templates/CustomEvents.aspx?id=55164">http://www.nasscom.in/Nasscom/Templates/CustomEvents.aspx?id=55164</a>&#160;</p> <p>The agenda is here:-</p> <p><a title="http://www.nasscom.in/upload/59314/Agenda_Tutorial.pdf" href="http://www.nasscom.in/upload/59314/Agenda_Tutorial.pdf">http://www.nasscom.in/upload/59314/Agenda_Tutorial.pdf</a></p><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9136839" width="1" height="1">Security Conference/ Workshophttp://blogs.msdn.com/varun_sharma/archive/2007/11/26/clubhack-2007-i-will-be-presenting-some-subtle-security-flaws.aspxMon, 26 Nov 2007 14:52:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:6529794Varun Sharma0http://blogs.msdn.com/varun_sharma/comments/6529794.aspxhttp://blogs.msdn.com/varun_sharma/commentrss.aspx?PostID=6529794<P mce_keep="true">In its own words, "<A class="" href="http://www.clubhack.com/index.html" mce_href="http://www.clubhack.com/index.html">ClubHACK</A> is one of its kind hacker's convention in India which serves as a meeting place for hackers, security professionals, law enforcement agencies and all other security enthusiasts."</P> <P mce_keep="true">At ClubHACK, I will <A class="" href="http://www.clubhack.com/speakers.html#Varun_Sharma" mce_href="http://www.clubhack.com/speakers.html#Varun_Sharma">talk</A> about some interesting and subtle security flaws found while assessing business applications, which principles were not followed that resulted in the flaws and why, no matter how good a developer you are, you should always follow the basic principles of software security.</P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=6529794" width="1" height="1">Security Conference/ Workshop