TechNet Webcast: Configuring with Least Privilege in SQL Server 2008

I recently presented a TechNet Webcast on the topic “Configuring with Least Privilege in SQL Server 2008”. The topics covered in the Webcast are:

1. Configuring SQL Server service accounts with least privilege. Service isolation is also explained.
2. Configuring accounts connecting to SQL Server from a Web application (Principals) with least privilege.
3. Running…


Virtual TechDays: Top 5 Web Application security bugs in custom code

Microsoft Virtual TechDays is starting from the 18th February 09. In the security track, I will be presenting on the topic “Top 5 Web Application Security bugs in custom code”. As a security engineer in the ACE Team, I have been reviewing line-of-business applications for the past two years. In this presentation, I will talk…


NASSCOM – DSCI Information Security Summit 2008 Security Tutorial

My colleague Sagar and I will be conducting an application security workshop at the NASSCOM – DSCI Information Security Summit 2008 on the 1st December in IIIT, Hyderabad, India.


ClubHACK 2007: I will be presenting some “Subtle Security Flaws”

In its own words, “ClubHACK is one of its kind hacker’s convention in India which serves as a meeting place for hackers, security professionals, law enforcement agencies and all other security enthusiasts.” At ClubHACK, I will talk about some interesting and subtle security flaws found while assessing business applications, which principles were not followed that…