I was noticing John Lam's two posts this morning on .Net Security: Securing ASP.NET using Enterprise Services and Improving Web Application Security: Threats and Countermeasures rocks. These are some areas that I have also been thinking about lately.
For the next couple of weeks, I am presenting talks on Security Coding: Best Practices to the development and QA teams where I work. I will be presenting two parts:
Part 1 will be a general best practices for security (beware user input, buffer overruns, SQL injections, etc.)
and
Part 2 will be a .Net specific security practices (code access security, identity and principal concepts, and authenticated token usage).
I have been interested in security coding for the last 3-4 years and have devoted a lot of time to learning all I can. This will be my first time to actually present what I have learned. I am really looking forward to it, and I hope/plan to do more presenting on topics like these in the future.
