Application security testing in the distributed world

The SOA concept is becoming popular, and more and more applications are designed as a composition of services. This creates agility and promotes reuse, but brings many new challenges in the security arena.
In this talk we will discuss those challenges and focus on testing procedures that should be a part of any distributed composite application test plan.

Distributed applications use different kinds of infrastructure, each with its own view of security.
We will look at important pieces of infrastructure such as WCF for connectivity, BizTalk (ESB) for integration, WF for orchestration and SharePoint for Human Business services. We will discuss each infrastructure's security model and understand how to combine them into a holistic model for our systems.

Designing a security model for a system that is actually a composition of many other systems and services, each with its own security model, is not a trivial task.
Testing such a model is much more difficult. We will discuss this issue with a focus on practical guidance that can be implemented.

Distributed composite applications demand attention in application security design, implementation and testing. This talk is designed to help you do that.