I haven't been blogging much lately as I have been very busy getting a Release 2.0 shipped. In the past month, though, I have been working on some ideas for an upcoming conference. Yesterday, I got confirmation I will be speaking at WinDev 2004 this coming October. I will be speaking under the new Security for Developers track headed by Keith Brown.
Update: The speaker page has been updated.
These are my topics:
Writing least privilege apps
Most users work on computers where they don't have administrator privileges. Some applications require administrator privileges, hence forcing users to either run with higher privileges, or not use the products at all. Running with higher privileges can lead to serious security problems.
The solution is for developers to learn to write least-privileged applications. Writing least-privileged applications is not easy--it is something that needs to be learned as well as learning a new lifestyle. In this talk, I will introduce practical ways to develop least-privileged applications in .Net. Also, the developer will learn the lifestyle changes recommended for writing effective least-privileged applications.
Hosting applications in secure AppDomains
The .Net Framework gives developers the ability to write trusted applications that can load and control other assemblies. This technique is called hosting and it is a powerful way to extend the .Net Framework security system when developing pluggable components. In this talk, I will describe how AppDomains can be created and used to isolate assemblies as well as how to control the trust levels associated with code in the AppDomains. I will also introduce developers to the CLR hosting API, as well as techniques used to secure unmanaged clients.