Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

New England Code Camp 7 -- Slides and Code

Tuesday, April 3, 2007

 .NET  Books  Personal  Security  Speaking 

I have posted the slide decks and demo code I used for my talks this past weekend at the New England Code Camp 7 - Deer in Headlights conference. You can find the files here.

My talks were:

  • How to Perform a Secure Code Review
  • Protecting Data with SQL Server 2005

Both talks went really well, I think. Thanks to everyone who attended the talks -- there were very good questions and I was very encouraged that it seemed many caught the "secure development" bug as a result of the talks.

With the SQL Server 2005 talk, I went through some sample scripts that have been very useful to me in storing encrypted data as well as searching encrypted data (based on the great work and information found at Laurentiu Cristofor's blog and Raul Garcia's blog).

Special thanks to Rudolf Araujo (from Foundstone and fellow Microsoft Security Developer MVP) for the use of the Threat Modeling slides in my Secure Code Review talk. One reference I didn't mention at the time, but have since included in my slide deck, is the book The Art of Software Security Assessment by Mark Dowd, John McDonald, and Justin Schuh -- a fantastic book for secure code reviewers that is destined to be a classic.

Also, while I am at it, if you are looking for a secure code reviewer, please consider my company. As you look for reviewers, also be sure to read Mark Curphey's (also another Microsoft Security Developer MVP) excellent post on Top Ten Tips for Hiring Security Code Reviewers before you hire anyone.
