Tags

Contents tagged with Security

Make Threat Modeling Work For You at O'Reilly Software Architecture Conference

3/7/2016

 Architecture    Security    Threat Modeling    Speaking   
Over the past couple of years, I have been speaking about, writing about, and helping companies and their teams with addressing issues in software... Read more

Your Website: If you like it you should put an S on it - guest blog post

12/16/2015

 Security    Business    Software Security   
Below is a guest blog post to the Hartford Springfield Speaker's Network blog posted on 12/12/2015. As I mentioned in my... Read more

Thinking about security in your company - guest blog post

11/30/2015

 Security    Business    Threat Modeling    Speaking    Software Security   
Earlier this month, I spoke atthe Hartford Springfield Speaker's Networkmeeting as one of the spotlight speakers. You can catch a video of it on my... Read more

Threat Modeling for Secure Software Design slide decks - November, 2015

11/22/2015

 Security    Speaking    Threat Modeling    Software Security   
I spoke a couple times this past week on the topic of "Threat Modeling for Secure Software Design". Here are the decks (there are some slight... Read more

How to Make Threat Modeling Work for You - Slides from BASC 2015, October, 2015

10/4/2015

 Threat Modeling    Security    Speaking   
Here are the slides from "How to Make Threat Modeling Work for You" talk at BASC 2015 (10/3/2015):SlidesThank you! Read more

How to Make Threat Modeling Work for You - Slides from TECH Intersection, September, 2015

9/16/2015

 Threat Modeling    Security    Speaking   
Here are the slides from "How to Make Threat Modeling Work for You" talk at TECHIntersection today (9/16/2015):SlidesThank you! Read more

Threat Modeling one-day or half-day workshop opportunities available in the San Francisco Bay Area, CA in September, 2015

8/18/2015

 Security    Threat Modeling    Secure SDLC    Speaking   
As I mentionedpreviously, I am speaking at TECHIntersectionin September 14 - 17, 2015 on topics in Threat Modeling and Secure SDLC. I have been... Read more

Speaking at TECHIntersection on September 14-17, 2015 on Threat Modeling

8/17/2015

 Security    Threat Modeling    Secure SDLC    Software Security    Speaking   
Read more

Two new Threat Modeling books

7/1/2015

 Security    Threat Modeling    Architecture    Books   
There are a couple of new Threat Modeling books released in May, 2015 that I have been interested in reading and reviewing. I received both a few days... Read more

Microsoft MVP Developer Security - 2015

7/1/2015

 Security    .NET    Architecture    Speaking   
I received notice today I have been awarded a Microsoft MVP for 2015 in the area of Developer Security.Thank you Microsoft, my new MVP lead, and all... Read more

Speaking on Avoiding Common Security Issues with Javascript Web Applications

3/12/2015

 Speaking    Security    Javascript   
I proposed two talks to the Boston Code Camp 23conference held next week, but because of the great turn out of speakers (33!), each of us received... Read more

Speaking at Security BSides Boston 2015 Con on Threat Modeling

3/11/2015

 Security    Speaking    Threat Modeling   
I received news my proposed talk on "Is Threat Modeling for Me?" was accepted for the Security BSides Boston 2015 Con(Twitter: @@bsidesboston) on May... Read more

RunAsRadio podcast - Threat Modeling

2/17/2015

 Speaking    Security    Podcast    Threat Modeling   
Last week, the RunAsRadio podcast featuring my talk with Richard Campbell (Twitter and .NET Rocks) on Threat Modeling went live. You can listen here... Read more

Boston .NET Architecture Group meeting - 2/18/2015 - Igor Moochnick on DevOps: the industry overview, why and how

2/17/2015

 Speaking    Architecture    DevOps    Security   
Igor Moochnick (Twitter and Website) will be speaking to the Boston .NET Architecture Group(meets in Waltham, MA at the Magenic offices 6-8 pm EST)... Read more

Podcast on Software Security

12/16/2014

 Security    ASP.NET MVC    Speaking    Web Services    Podcast   
A couple of months ago I was interviewed by Bryan Hogan for a Podcast on Software Security. It is now available. Read more

Securing Your ASP.NET MVC Application - Western Mass MS Tech Users Group

10/9/2014

 Security    Web Services    ASP.NET MVC    Speaking   
I am speaking tonight at the Western Mass Microsoft Technology Users Group on Securing your ASP.NET MVC Application. I have added a few new items... Read more

Securing Your ASP.NET MVC Application - Microsoft DevBoston

8/14/2014

 Speaking    Security    ASP.NET MVC   
I am speaking tonight on ASP.NET MVC Security at Microsoft DevBoston. Read more

Two new Microsoft Security Developement Lifecycle (SDL) tools: MiniFuzz File Fuzzer and BinScope Binary Analyzer

9/17/2009

 .NET    ArchitecturePatterns    Security   
Read more

PDC 2008 - Geneva Identity Management

10/28/2008

 .NET    Security    WCFIndigo    Web Services   
Read more

MVP 2008 - thanks again!

1/1/2008

 .NET    Personal    Security   
Read more

WCF 3.5 will support Usernames over Transport Authentication

10/31/2007

 .NET    ArchitecturePatterns    Security    Service Orientation (SO)    WCFIndigo    Web Services   
Like Dominick Baier and Christian Weyerof Thinktecture, I also wondered why I couldn't use a UsernameToken with Transport Security in WCF v.1. I... Read more

Heartland Developers Conference 2007 wrap-up

10/22/2007

 .NET    ArchitecturePatterns    Database Development    Personal    Security    Service Orientation (SO)    Speaking    WCFIndigo    Web Services   
Once again, for the 4th year in a row, I enjoyed the one conference I make sure to book well in advance. I haven't traveled to conferences as much... Read more

Speaking at New England Code Camp 8 this weekend

9/24/2007

 .NET    ArchitecturePatterns    ASP.NET    Security    Speaking   
Read more

Speaking on Web Services Security at Boston .NET User Group on 9/12/2007

9/9/2007

 .NET    ArchitecturePatterns    Security    Service Orientation (SO)    Speaking    WCFIndigo    Web Services   
Read more

Take a look at LiveId + CardSpace

8/29/2007

 .NET    ArchitecturePatterns    ASP.NET    Security    WCFIndigo   
Read more

Another TDD and DDD success story

7/16/2007

 .NET    ArchitecturePatterns    ASP.NET    Extreme Programming    Security    System.Transactions    WCFIndigo    Web Services   
Read more

Slides on Windows CardSpace talk and further resources

6/20/2007

 .NET    ArchitecturePatterns    ASP.NET    Personal    Security    Speaking    WCFIndigo   
Read more

Speaking on Windows CardSpace at Southern CT .NET Group on June 12

6/4/2007

 .NET    ArchitecturePatterns    ASP.NET    Security    Speaking    WCFIndigo    Web Services   
Read more

Watch for Javascript Hijacking in your AJAX applications

4/4/2007

 .NET    ArchitecturePatterns    ASP.NET    Security   
Over the weekend at the New England Code Camp 7 conference, I mentioned briefly about some of the potential security problems with AJAX. Dana Epp has... Read more

New England Code Camp 7 -- Slides and Code

4/3/2007

 .NET    Books    Personal    Security    Speaking   
I have posted the slide decks and demo code I used for my talks this past weekend at the New England Code Camp 7 - Deer in Headlightsconference. You... Read more

SANS' new Software Security Institute

3/28/2007

 .NET    Personal    Security   
I found a veryencouraging announcement today: SANS has created the new Software Security Institute (SSI) (link) which is aexam program designed to... Read more

Speaking at New England Code Camp 7: Deer in Headlights

3/26/2007

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Security    Speaking   
I will be speaking this weekend, March 31-April 1, at the New England Code Camp 7: Deer in Headlights located at the Microsoft, Waltham, MA offices. I... Read more

Threat Modeling for Web Applications -- Western Mass .NET User Group

3/5/2007

 .NET    ArchitecturePatterns    Security    Speaking   
I will be speaking tomorrow night on "Threat Modeling for Web Applications" at the Western Mass .NET User Group meeting in Easthampton, MA. The... Read more

Microsoft MVP Award for Visual Developer - Security in 2007

1/2/2007

 .NET    Personal    Security   
I have been heads down design and coding for the last 2 1/2 half weeks on an interesting WCF project (yes, unfortunately, even over the holidays -- I... Read more

SysInternals Suite on Microsoft.com

11/8/2006

 .NET    ArchitecturePatterns    Security   
Yesterday, I used the wonderful tools from SysInternals for troubleshooting some of the new VC++ 2005 SxS issues I had with my port from VC++ 2003 to... Read more

Boston Code Camp 6 slides posted

10/24/2006

 .NET    ArchitecturePatterns    Security    Speaking   
My slides for the Boston Code Camp 6 this past weekend have been posted on my site. My sessions were well attended and I got very good comments on... Read more

Boston Code Camp 6 Update

10/18/2006

 .NET    ArchitecturePatterns    ASP.NET    Security    Speaking   
My plans have changed for this weekend, so I will be presenting more topics at the Boston Code Camp 6 (the schedule has been posted). This time, the... Read more

.NET 3.0 Roadshow/WCF Training

10/10/2006

 .NET    ArchitecturePatterns    Security    Service Orientation (SO)    Smart Clients    System.Transactions    WCFIndigo    Web Services   
Read more

Upcoming speaking schedule

10/4/2006

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Personal    Security    Speaking    System.Transactions   
I have been busy with a great architecture project lately that I have mentioned previously. I have also been finalizing slides and demos and making... Read more

Secure Code Reviews talk at Beantown .NET User Group on Sept. 7

8/28/2006

 .NET    Personal    Security    Speaking   
I will be speaking at the Beantown .NET User Group meeting, Boston, from 5:30 pm to 7:30 pm on Thursday, September 7. Here is the topic and... Read more

Tips for Security Code Reviews

8/4/2006

 .NET    Security   
Occasionally, I am called upon to do a security code review. I enjoy the process and I recommend it to every shop that writes software to regularly... Read more

ASP.NET 2.0 Security Reference Implementation

7/28/2006

 .NET    ArchitecturePatterns    ASP.NET    Personal    Security   
I have been silent for the last month or so, but I am hoping to get back into writing again. July was an eventful month for me. I turned 38 (July 10),... Read more

Threat Analysis and Modeling Tool v. 2.0 (RTM) is available

7/8/2006

 .NET    ASP.NET    Personal    Security   
Read more

Security Development Lifecycle book and Threat Tree Patterns

6/16/2006

 .NET    ArchitecturePatterns    Books    Personal    Security   
Read more

WCF and Security solutions

6/14/2006

 .NET    ArchitecturePatterns    Security    Service Orientation (SO)    Smart Clients    WCFIndigo    Web Services   
Read more

TechEd 2006 this week

6/12/2006

 .NET    ArchitecturePatterns    Books    Database Development    Personal    Security    Service Orientation (SO)    System.Transactions    WCFIndigo    Web Services   
Read more

RC1 for Threat Modeling tool available

5/26/2006

 .NET    ASP.NET    Security   
One of my talks at the New England Code Camp 5 was "Threat Modeling for Web Applications". At the end of the talk, I did a demo showing the new Threat... Read more

Resources from recent talks

5/25/2006

 .NET    Database Development    Personal    Security    Speaking    System.Transactions   
Read more

Working, speaking, and generally busy

5/5/2006

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Personal    Security    Smart Clients    Speaking    System.Transactions   
Read more

BoF session for voting: Developing as a Non-Administrator in XP and Vista

3/31/2006

 .NET    Personal    Security    Speaking   
A little late (voting ends today at 5:00 pm), but I have submitted a Birds of a Feather (BoF) session for TechEd 2006:Developing as a... Read more

WCF and Federation security options

3/15/2006

 .NET    Security    Service Orientation (SO)    WCFIndigo   
Read more

Threat Modeling blog

2/27/2006

 .NET    ArchitecturePatterns    ASP.NET    Security   
The Microsoft ACE Team has put together a specific blog on Threat Modeling [found again (again as inI can't remember where I saw the original link... Read more

Security people break into Vegas?

2/24/2006

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Personal    Security    Service Orientation (SO)   
Read more

Anti-Cross Site Scripting Library for .NET web applications

2/23/2006

 .NET    ASP.NET    Security    Web Services   
Read more

WCF: No partial trust support

2/20/2006

 .NET    ArchitecturePatterns    COMPlus EnterpriseServices    Security    WCFIndigo    Web Services   
This has been circulating among the .NET security community for several months, and now finally, we have "official" word that Windows Communication... Read more

Credential Management for .NET 2.0 article

2/19/2006

 .NET    ArchitecturePatterns    Security   
Read more

ClickOnce security issues

2/19/2006

 .NET    ArchitecturePatterns    Security   
Dominick Baierhas posted (titled Beware (=be aware) of ClickOnce default Settings) some startling results from research he completed with the .NET 2.0... Read more

Hacker tricks to exploit SQL Server

2/16/2006

 .NET    Database Development    Security   
Chip Andrews points to this articlecalled Ten hacker tricks to exploit SQL Server systemsby Kevin Beaver. In my opinion, this article is good for many... Read more

Fixing LUA bugs series

2/16/2006

 .NET    ArchitecturePatterns    Security   
Aaron Margosis is posting a series of posts on "LUA" bugs, including what they are (and what aren't bugs) and how to fix them. As always, excellent... Read more

Article on AJAX Security

2/16/2006

 .NET    ArchitecturePatterns    ASP.NET    Security   
Read more

Upcoming speaking events

2/15/2006

 .NET    ArchitecturePatterns    Personal    Security    Service Orientation (SO)    Speaking    System.Transactions    Web Services   
Read more

Software Security: Building Security In book

2/14/2006

 .NET    ArchitecturePatterns    Books    Personal    Security   
Read more

Secure Coding in C and C++ book

2/4/2006

 .NET    Books    Personal    Security   
Read more

Be sure to audit your ASP.NET 2.0 application

2/4/2006

 .NET    ArchitecturePatterns    ASP.NET    Personal    Security   
Read more

ASP.NET 2.0 Security, Membership, and Role Management resources

2/4/2006

 .NET    ArchitecturePatterns    ASP.NET    Books    Security   
I often get questions at conferences about the new ASP.NET 2.0 security features including membership and role management. Also, in particular, I get... Read more

VSLive San Francisco 2006 - .NET 2.0 Security talk

2/2/2006

 .NET    ASP.NET    Personal    Security    Speaking   
Yesterday's session on "Leveraging .NET 2.0 Security Features" went quite well. I have posted slides and code on my site here.This was the first time... Read more

SQL Server 2005 JDBC driver experiences

1/29/2006

 .NET    Database Development    Security   
I have been doing a fair amount of development in VC++, Java, and .NET 2.0 lately for one large project that is finally winding down after almost a... Read more

Security Mini-Code Camp (New England)

1/23/2006

 .NET    Security   
Read more

LUA on Windows XP

1/19/2006

 .NET    Personal    Security   
Microsoft released a new whitepaper from theMicrosoft Solutions for Security and Compliance group (MSSC) on "Applying the Principle of Least Privilege... Read more

MVP 2006

1/4/2006

 .NET    Personal    Security   
Congratulations to all new and returning MVPs!I have been awarded again (2nd year) as a Microsoft Security Developer MVP for 2006. It has been a great... Read more

Happy New Year 2006 (with some security thrown in)

1/1/2006

 .NET    Database Development    Personal    Security   
I hope and wish everyone a very Happy and Prosperous New Year 2006! I am finally catching up on some blog reading this weekend and found a couple of... Read more

Security talk at VSLive! in San Francisco

12/29/2005

 .NET    ArchitecturePatterns    ASP.NET    Personal    Security    Speaking   
It has been a busy month and a half since I last blogged -- too busy. But, it has been fun as I have done a few security code audits, lots of... Read more

My HDC Podcast on Security is Live

11/18/2005

 .NET    ArchitecturePatterns    Database Development    Personal    Security    Speaking   
Read more

DREAD is dead

11/15/2005

 .NET    ArchitecturePatterns    Personal    Security    Speaking   
Read more

NESQL User Group meeting recap

11/11/2005

 .NET    ArchitecturePatterns    Database Development    Personal    Security    Speaking   
Read more

Speaking on SQL Server Security at NESQL Group (tonight)

11/10/2005

 .NET    Database Development    Personal    Security    Speaking   
I will be speaking tonight to the New England SQL Server User Group at Microsoft in Waltham, MA. My friend Andrew Novick will give a talk on SQL... Read more

MAD Security Code Camp photos

11/10/2005

 .NET    Personal    Security    Speaking   
The MAD Security Code Camp site has been updated with photos from the event. This one is priceless. Read more

Boston VS2005 and SQL2005 Cabana Night recap

11/8/2005

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Personal    Security    Speaking    Web Services   
Read more

Computerworld article on release of SQL Server 2005

11/7/2005

 Database Development    Personal    Security   
I was questioned briefly last week forthis article in Computerworld:Robert Hurlbut, an independent software consultant in Worcester, Mass., said SQL... Read more

Boston VS2005 and SQL2005 Cabana Night: Ask the Experts (tonight)

11/7/2005

 .NET    .NET Remoting    ADO.NET    ArchitecturePatterns    ASP.NET    CLR    Database Development    Personal    Security    Smart Clients    Speaking    System.Transactions    Web Services   
Read more

OWASP Boston Chapter Meeting recap

11/3/2005

 .NET    ArchitecturePatterns    ASP.NET    Books    Personal    Security    Speaking    Web Services   
Read more

MAD Security Code Camp recap

10/31/2005

 .NET    Personal    Security    Speaking   
Read more

Speaking on Threat Modeling for Web Applications at OWASP Boston

10/26/2005

 .NET    ArchitecturePatterns    ASP.NET    Personal    Security    Speaking   
I will be speaking on Threat Modeling for Web Applications at the local OWASP Boston chapter meeting on November 2, at the Microsoft, Waltham, MA... Read more

MAD Security Code Camp Schedule

10/25/2005

 .NET    Personal    Security    Speaking   
Read more

HDC 2005 Recap and VSLive! update

10/16/2005

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Personal    Security    Speaking   
Read more

VSLive! Orlando Recap

10/14/2005

 .NET    .NET Remoting    ArchitecturePatterns    ASP.NET    Personal    Security    Speaking   
I had a great time in Orlando at VSLive!. The hotel we stayed at (Walt Disney World Dolphin Hotel)is amazing! This hotel is HUGE ... several of us... Read more

At HDC 2005

10/14/2005

 .NET    ASP.NET    Database Development    Personal    Security    Speaking   
Read more

Framework Design Guidelines

10/9/2005

 .NET    ArchitecturePatterns    Books    Extreme Programming    Personal    Security    Speaking   
Read more

Check out annual MSDN Magazine Security issue

10/9/2005

 .NET    CLR    Personal    Security   
I was excited to see Shawn Farkas' article available on "Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0", which... Read more

Speaking at MAD Security Code Camp on Oct. 29

10/8/2005

 .NET    Personal    Security    Speaking   
I will be speaking at the Mid-Atlantic (MAD) Security Code Camp at the Microsoft offices in Reston, VA on October 29. I am really looking forward to... Read more

Looking for new opportunities

10/4/2005

 .NET    .NET Remoting    ADO.NET    ArchitecturePatterns    ASP.NET    COMPlus EnterpriseServices    Database Development    Extreme Programming    Personal    Security    Service Orientation (SO)    Smart Clients    Speaking    Web Services   
Read more

MVP Summit recap

10/3/2005

 .NET    CLR    Personal    Rotor    Security   
Read more

New Security Features in VS 2005

9/30/2005

 .NET    ArchitecturePatterns    Personal    Security   
Brian Johnson has written a new article on MSDN describing the new security features of Visual Studio 2005. Take a look -- I have been playing with... Read more

Code Camp 4 Recap

9/26/2005

 .NET    ArchitecturePatterns    ASP.NET    COMPlus EnterpriseServices    Personal    Security    System.Transactions   
I am catching up after another very successful New England Code Camp weekend. I am getting ready to head out to the MVP Global Summit 2005in Seattle,... Read more

Upcoming speaking events

9/18/2005

 .NET    COMPlus EnterpriseServices    Database Development    Personal    Security    Speaking   
I have been working on severalpresentations on security,SQL Server, and transactions topicsfor upcoming conferences and user group talks. These always... Read more

Rootkits book

9/15/2005

 .NET    Books    Personal    Security   
A couple of weeks ago while flying to and from Microsoft in Redmond, I read most of this book (still finishing it between bits of spare time on my... Read more

Follow-up on Devscovery

9/4/2005

 .NET    Extreme Programming    Personal    Security   
Read more

Least privileged user access for developers

8/28/2005

 .NET    Personal    Security   
Nigel Watling (great start of a blog, by the way -- subscribed! RSS) has a very nice summary of some material on developing as a non-administrator and... Read more

What's new for Security in .NET 2.0

8/26/2005

 .NET    Personal    Security    Speaking   
Shawn Farkas has posted an excellent summary of the newest features and changes for Security in .NET 2.0 on his blog. He also links to Keith Brown and... Read more

Finding web sites that exploit browser vulnerabilities

8/16/2005

 ASP.NET    Security   
Read more

Security How To Index

8/13/2005

 .NET    Personal    Security   
I am putting this here as a nice placeholder (for myself and others):The patterns and practices folks have just updated their list of Security-related... Read more

MAD Security Code Camp

8/11/2005

 .NET    Security   
Read more

Don't be a Security Sinner

8/11/2005

 .NET    Books    Personal    Security   
Read more

Writing Secure Code with Visual Studio 2005

7/23/2005

 .NET    Security   
Rick Samona has a webcast on MSDN TV discussing how developers can write secure code using the new enhancements in Visual Studio 2005. Take about... Read more

Speaking on .NET 2.0 Security at HDC 2005

7/20/2005

 .NET    Personal    Security    Speaking   
I will be speaking at the Heartland Developers Conference 2005 in Cedar Rapids, Iowa on October 12-14, 2005. My topic will be Security Changes in .NET... Read more

Book: The 19 Deadly Sins of Software Security

7/12/2005

 .NET    Books    Personal    Security   
Read more

Web Services Security talk

7/8/2005

 .NET    Personal    Security    Service Orientation (SO)    Web Services   
It's been a busy week, but I had a chance to attenda talk this week. By chance, I happened to catch the local OWASP (Open Web Application Security... Read more

Book: Honeypots for Windows

7/8/2005

 Books    Personal    Security   
I received this book, Honeypots for Windows by Roger A. Grimes (published by Apress), a couple of months ago to review. I have read a chapter hear and... Read more

Developers and Cryptography

7/5/2005

 .NET    Security   
Larry Ostermanoffers some words of wisdom regarding the differnce between a developer understanding cryptography (as in "which algorithm should I use"... Read more

VSLive! Boston - Secure Plug-In Applications

7/1/2005

 .NET    Personal    Security    Speaking   
I spent the last couple of days at VSLive! Boston. I gave a talk on Wednesday on "Writing Secure Plug-Ins Applications in .NET". You can pick up the... Read more

Visual Developer - Security MVP

7/1/2005

 .NET    Personal    Security   
I was informed that today it is official: I have been moved from the Visual C# MVP group into the newly formed Application Developer Security MVP... Read more

Dinner with a CAS guru

6/23/2005

 .NET    ArchitecturePatterns    Database Development    Personal    Security   
One highlight (among many) of my stay in Montreal for DevTeachwas meeting Montreal natives Nicole Calinoiu and her husband Michel Bordeleau for dinner... Read more

TechEd Day 3: Least Privilege

6/13/2005

 .NET    Personal    Security   
Read more

TechEd Day 1 and 2: CSI Cabana, ship dates, and SQL Server 2005 June CTP

6/7/2005

 .NET    ADO.NET    ArchitecturePatterns    COMPlus EnterpriseServices    Database Development    Security    Service Orientation (SO)   
Read more

SQL Injection article

6/6/2005

 .NET    Personal    Security   
One of my first published articles came out a few days agoin the June, 2005 issue of .NET Developers Journal.This is a security focused issue with... Read more

Security Samurai

5/19/2005

 .NET    Personal    Security   
Eric Marvets, the Security Samurai, who spoke at last weekend's Atlanta Code Camp, now has a security blog. Eric did some work for me (through my... Read more

Threat Modeling for Web Applications

5/18/2005

 .NET    ArchitecturePatterns    ASP.NET    Security   
This is a nice welcome addition to the threat modeling literature, and especially for web application security. Take a look. Excellent resource!... Read more

TechEd: Non-Admin Development BOF

4/27/2005

 .NET    ArchitecturePatterns    Personal    Security    Speaking   
The TechEd BOF (Birds of a Feather) voting is over and mine wasaccepted. Here is the schedule:Developing software as a non-administrator -Wed, June... Read more

Tech Ed: Technical Expert at CSI Cabanas

4/20/2005

 .NET    .NET Remoting    ArchitecturePatterns    Personal    Security    Service Orientation (SO)    Speaking    Web Services   
I was asked last week and informed Friday that I was selected to be one of the Technical Experts at the Connected Systems Infrastructure (CSI) Track... Read more

Tree Surgeon - part 2

4/8/2005

 .NET    ArchitecturePatterns    Extreme Programming    Personal    Security   
Read more

Tree Surgeon - very nice tool, but security issues

4/6/2005

 .NET    ArchitecturePatterns    Extreme Programming    Personal    Security   
Read more

Windows Server 2003 SP1: second impressions

4/1/2005

 .NET    ArchitecturePatterns    Personal    Security   
Read more

Windows Server 2003 SP1: first impressions

3/31/2005

 .NET    ArchitecturePatterns    Personal    Security   
As you may know, the long awaited Windows Server 2003 SP1 has finally reached RTM. Here is some technical information, and a Top Ten feature... Read more

Speaking at VSLive! Boston on Secure Plug-In Applications

3/23/2005

 .NET    ArchitecturePatterns    CLR    Rotor    Security    Speaking   
I noticed over the last couple of days my "Writing Secure Plug-in Applications in .NET" session is listed for VSLive! Boston. This talk is similar to... Read more

Trustworthy Computing Security Development Lifecycle

3/21/2005

 .NET    Security   
My friend Kevin Hegg mentioned this link to me on Friday, but it wasn't live yet. But, it is now: Michael Howard mentions it's "live" status at... Read more

Partial Trust and ASP.NET on MSDN TV

3/21/2005

 .NET    ASP.NET    Security   
There is an MSDN TV overview of writing partially trusted applications with ASP.NET [found by way of Dominick Baier]. Read more

Installed SQL Server 2005?

3/18/2005

 .NET    Database Development    Security   
Have you tried installing SQL Server 2005 yet? If so, how did it go for you?There is a survey the SQL Server team would like you to fill out:The Yukon... Read more

Code Camp III recap

3/15/2005

 .NET    ASP.NET    Database Development    Personal    Security    Speaking   
Read more

Detecting network sniffers

3/14/2005

 .NET    Database Development    Security    Speaking   
Read more

TechEd Security BOFs

3/10/2005

 .NET    Personal    Security    Speaking   
I submitted one of the first TechEd Birds of a Feather (BoF) sessions on this topic:Developing software as a non-administratorWe have all heard we... Read more

Speaking in Hartford, CT tonight

3/9/2005

 .NET    Security    Speaking   
I will be speaking tonight on .NET Security 101 at the Connecticut Access UsersGroup in Farmington, CT (correction: not in Hartford, but near... Read more

SHA1 concerns and implementing SHA256 and beyond

2/23/2005

 .NET    Personal    Security   
By now, I am sure you have seen or heardthe news about SHA1 being broken. In a somewhat timely fashion, I had been (re)reading Bruce Schnier and Niels... Read more

Rootkits revealed

2/23/2005

 .NET    ArchitecturePatterns    Security   
Daniele Muscetta (of Microsoft) posted a nice summary of some recent articles on Rootkits. He also included information on SysInternals' latest... Read more

Guerrilla Threat Modeling

2/23/2005

 .NET    ArchitecturePatterns    Security   
I saw this last night, and Dana Epp has posted a pointer:Peter Torr has done it again. He has written an EXCELLENTarticle on writing a practical... Read more

Web Services Edge East and Cabana Night

2/19/2005

 .NET    Personal    Security    Service Orientation (SO)    Web Services   
Read more

Speaking at DevTeach in Montreal on SQL Server 2005

2/19/2005

 .NET    ArchitecturePatterns    Database Development    Personal    Security    Speaking   
I will be speaking at DevTeach this year in Montreal, Canada on June 18-22, 2005.My topics (so far -- waiting on a couple of other proposals, but this... Read more

Speaking at Vermont .NET User Group in April

2/14/2005

 .NET    ArchitecturePatterns    Extreme Programming    Personal    Security    Speaking   
Read more

Least-Privileged Incompatibilities research

2/14/2005

 .NET    Security   
Read more

RI.NET User Group meeting cancelled tonight

2/10/2005

 .NET    Personal    Security    Speaking   
Read more

CT .NET User Group's new look

2/10/2005

 .NET    Personal    Security    Speaking   
Read more

Non-Admin Wiki site is up

2/4/2005

 .NET    Personal    Security   
Read more

Speaking on Security to Rhode Island .NET Users Group (Feb. 10)

2/2/2005

 .NET    Personal    Security    Speaking   
I will be speaking to the Rhode Island .NET Users Group (Providence, RI)on February 10. My topic is on security:Secure Coding for the .NET... Read more

Digital Blackbelt webcast series starts Friday

2/2/2005

 .NET    Security   
Joe Stagner is starting the Digital Blackbelt webcast series on security this Friday with the following topic:MSDN Webcast: Digital Blackbelt Series:... Read more

80 20 Rule for Web Application Security

1/31/2005

 .NET    ASP.NET    Security   
Read more

Security Tools List

1/30/2005

 Personal    Security   
Read more

ASP.NET Security Features to Fend Off Web Attacks

1/30/2005

 .NET    ASP.NET    Security   
[By way of Brian Johnson] Take Advantage of ASP.NET Built-in Features to Fend Off Web AttacksDino summarizes the most common types of Web attacks and... Read more

Enterprise Library and Non-Admin Development

1/29/2005

 .NET    ArchitecturePatterns    Security   
Read more

Enterprise Library 2005 available

1/28/2005

 .NET    ArchitecturePatterns    Personal    Security   
Read more

Windows Security Distilled

1/27/2005

 .NET    ArchitecturePatterns    Personal    Security   
I really like Ken Brubaker's post on Distilled: The .NET Developer's Guide to Windows Securitywhere he has summarized every item in Keith Brown's... Read more

Sample Application Security

1/25/2005

 .NET    ArchitecturePatterns    ASP.NET    COMPlus EnterpriseServices    Database Development    Security    Service Orientation (SO)   
Read more

Digital Blackbelt Series: Defend your code from attacks

1/21/2005

 .NET    Security   
This new series of Webcasts looks to be very good.Sign up at http://www.microsoft.com/seminar/events/series/digitalblackbelt.mspx. Read more

Boston Code Brew first meeting

1/21/2005

 .NET    Security    Speaking   
Read more

Browsing the Web and Reading E-mail Safely with Software Restriction Policies

1/18/2005

 Security   
Read more

.NET Rocks Show Info

1/17/2005

 .NET    Personal    Security    Speaking   
Read more

Boston Code Brew, January 19

1/17/2005

 .NET    Personal    Security    Speaking   
Read more

Code Camp 3 - SQL Server 2005 Security

1/16/2005

 .NET    Database Development    Personal    Security    Speaking   
I have added another topic to the ever growing data track for the upcoming New England Code Camp 3:SQL Server 2005 SecurityThis talk will focus on... Read more

So that is what they were -- AntiSpyware Alerts

1/13/2005

 .NET    Personal    Security   
Read more

Windows Internals, 4th Edition and SysInternals RSS feed

1/4/2005

 .NET    ArchitecturePatterns    Security   
I have been busy ramping up for some new work through my company lately (which I will mention in another post), and one resource I have looked forward... Read more

A couple of secure coding articles

12/28/2004

 .NET    ArchitecturePatterns    ASP.NET    Security   
Some interesting reads I found today on secure coding:Secure programmer: Call components safely [By way of Dana Epp] David Wheeler has released a new... Read more

Article on Penetration Testing

12/10/2004

 .NET    ASP.NET    Personal    Security    Speaking   
Read more

Boston C# and .NET User Groups and Potluck Dinners

12/9/2004

 .NET    Extreme Programming    Personal    Security    Speaking   
Read more

Perception of System Security

11/28/2004

 .NET    Security   
Valery Pryamikov has posted an excellent article titled "On Evolution of Microsoft Perception of System Security". The article chronicles the changes... Read more

Microsoft IT Security Resources

11/28/2004

 .NET    Security   
Jerry Bryant posted a great list of Microsoft IT Security Resources (current as of November, 2004) to his blog:... Read more

Connecticut .NET Users Group talk - slides and code

11/24/2004

 .NET    ArchitecturePatterns    CLR    Database Development    Personal    Rotor    Security    Speaking   
Read more

CLR Team Tour

11/20/2004

 .NET    ArchitecturePatterns    CLR    COMPlus EnterpriseServices    Personal    Security    Service Orientation (SO)    Web Services   
Read more

What's new for security in .NET 2.0?

11/18/2004

 .NET    .NET Remoting    ArchitecturePatterns    ASP.NET    Security   
Pierre Nallet of DevelopMentorhas written a good article sumarizing new security features in .NET 2.0. Take a look: "What is new for security in .NET... Read more

Speaking to Boston C# Users Group on December 7

11/18/2004

 .NET    ArchitecturePatterns    Security    Speaking   
I will be speaking to the BostonC# Users Group on December 7 in Waltham, MA (Microsoft offices) at 6:30 pm on a slightly different topic for me. The... Read more

Security policy deployment and blog

11/17/2004

 .NET    ArchitecturePatterns    Security   
By way of DominicBaier:If you are interested in .net/windows security - check out michael willers blog! You'll find interesting in-sights in secure... Read more

SOA Talks update

11/11/2004

 .NET    ArchitecturePatterns    Books    Security    Service Orientation (SO)    Web Services   
Read more

SOA Talks

11/10/2004

 .NET    ArchitecturePatterns    Security    Service Orientation (SO)    Web Services   
Last night, I attended the Boston C# Users Group meeting at Microsoft, Waltham, MA where Jim Lennox was speaking on Service-Oriented Architecture... Read more

Partially-Trusted AppDomains part 2

11/9/2004

 .NET    ArchitecturePatterns    CLR    Security   
Read more

Partially-Trusted AppDomains

11/7/2004

 .NET    Security   
Read more

Advanced notice of security bulletins

11/5/2004

 Security   
Microsoft has opened its doors to all customers with advanced notices of security bulletins. Previously, this was only available to Premier and other... Read more

Upcoming Speaking -- CT Developers Group and HDC 2004

11/2/2004

 .NET    Database Development    Personal    Security    Speaking   
Read more

Secure AppDomain example

11/2/2004

 .NET    ArchitecturePatterns    CLR    Security   
Read more

Non-Admin resources part 2

11/2/2004

 .NET    Security   
Read more

WinDev recap

10/30/2004

 .NET    ArchitecturePatterns    CLR    Database Development    Extreme Programming    Personal    Security   
Read more

WinDev Presentations and Code

10/30/2004

 .NET    Security   
I have posted my WinDev 2004 presentations and code on my SecureDevelop.net website:S7 - Writing Least Privileged Applications: pdf, codeS8 - Hosting... Read more

Improving Applications Security through Penetration Testing

10/30/2004

 .NET    Security   
Read more

The moon and Red Sox

10/27/2004

 .NET    CLR    Personal    Security   
At the end of my "speaking debut" dayat WinDev(more on that later), I went out to look at the lunar eclipse when I noticed several people looking up.... Read more

Code Camp II Presentations and Demos

10/25/2004

 .NET    Personal    Security    Service Orientation (SO)    Smart Clients   
Read more

At WinDev this week

10/25/2004

 .NET    Personal    Security   
Read more

DevCon - Using XML for Missles

10/20/2004

 .NET    Security    Service Orientation (SO)    Web Services   
Just heard Whit Kemmey speak about "Using XML for Navy Missle Systems". This followed Don's talk on "WS-Why?" -- Don also used the same kind of loud... Read more

Developing as a Non-Admin resources

10/18/2004

 .NET    Security   
Read more

Code Camp II Report

10/18/2004

 .NET    ArchitecturePatterns    Database Development    Personal    Security    Smart Clients   
Read more

Update on a must read book on Windows Security

10/10/2004

 .NET    Personal    Security   
Read more

ASP.NET and Defense in Depth example

10/10/2004

 .NET    ASP.NET    Security   
Read more

Another blog for ASP.NET security

10/10/2004

 .NET    ASP.NET    Security   
Another ASP.NET security blog is live: Dinis Cruz of OWASP-DOTNET fame is now blogging (RSS).Subscribed.I am really looking forward to Dinis'... Read more

Bruce Schneier is blogging

10/7/2004

 Security   
Read more

Cabana Night and Code Camp II

10/6/2004

 .NET    Personal    Security   
Read more

ASP.NET Vulnerability

10/6/2004

 .NET    ArchitecturePatterns    ASP.NET    Security   
I have been following this for a little over a week now on some security newsgroups, and it is now public from Microsoft: This alert is to advise you... Read more

WSE 2.0 and friends

9/25/2004

 .NET    Personal    Security    Service Orientation (SO)    Web Services   
I had the pleasure of attending Michele Leroux Bustamante's talk this past week on Web Services Security with a focus on WSE 2.0 at the NH .NET User... Read more

Living the non-admin lifestyle

9/23/2004

 .NET    Security   
Read more

Code Camp II updates

9/22/2004

 .NET    ArchitecturePatterns    Database Development    Security    Service Orientation (SO)    Smart Clients    Web Services   
I added a couple of other topics to my proposed list at Code Camp II:Developing as a non-admin (chalk talk)We have all heard we shouldn’t run as... Read more

A must read book on Windows Security

9/21/2004

 .NET    Books    Security   
Yesterday, Keith Brown mentioned his new book The .NET Developer's Guide to Windows Security is finally shipping. I have preordered my copy from... Read more

ASP.NET 2.0 Partial Trust Web Sites

9/20/2004

 .NET    ArchitecturePatterns    ASP.NET    Security   
Read more

Are evil people attacking your web site?

9/19/2004

 .NET    ArchitecturePatterns    ASP.NET    Security   
Read more

Pass Phrases, Passwords, and PassFaces

9/15/2004

 Security   
Read more

Secure CLR Hosting in Whidbey / 2.0

9/10/2004

 .NET    ArchitecturePatterns    CLR    Database Development    Personal    Security   
Read more

Hacking the Hacme Bank

9/10/2004

 .NET    ArchitecturePatterns    ASP.NET    Security   
Both Dominick Baerand Anil John are pointing to Foundstone's new sample web application (written in ASP.NET and C#)that demonstrates common security... Read more

Upcoming events

8/31/2004

 .NET    Personal    Security   
Read more

Developing software as non-admin on DNR

8/30/2004

 .NET    Security   
Read more

Code Camp II is really looking good

8/30/2004

 .NET    CLR    Personal    Rotor    Security   
Code Camp II is getting a lot of great speakers lined up for the October 17-18 weekend. Several of the speakers are coming from outside of the New... Read more

Windows XP Security reading

8/26/2004

 .NET    ArchitecturePatterns    Security   
Looking for some fun reading today?Brian Johnson has posted a link to the latest Windows XP Security Guide documents and toolsfrom Microsoft:The... Read more

Mobility Day at Microsoft, Waltham

8/18/2004

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Personal    Security    Smart Clients   
Read more

CAS sample in Mono

8/18/2004

 .NET    CLR    Rotor    Security   
Read more

Microsoft Baseline Security Analyzer V1.2.1 Released

8/17/2004

 .NET    Security   
Read more

CLR Hosting Blog

8/17/2004

 .NET    ArchitecturePatterns    CLR    Security   
Read more

A view of the Indigo team

8/17/2004

 .NET    .NET Remoting    ArchitecturePatterns    COMPlus EnterpriseServices    Personal    Security    Service Orientation (SO)    Web Services   
I just watched and enjoyed Channel 9's view of the Indigo team (a video tour through the offices with Don Box).This was a fun video, especially... Read more

Congrats to Beantown .NET User Group

8/16/2004

 .NET    Personal    Security   
Read more

Speaking at Microsoft's Code Camp II

8/13/2004

 .NET    Security    Smart Clients   
I will be speaking at Code Camp II, a Microsoft event coordinated by Thom Robbinsat the local Microsoft Waltham,MAoffice on October 16-17.The first... Read more

nmap and XP SP2

8/12/2004

 Security   
There are some interesting discussions about the loss of raw socket support in the new Windows XP SP2. Dominick Baier, Ian Griffiths, and Dana Epp are... Read more

A First Look at SQL Server 2005 for Developers

8/11/2004

 .NET    ADO.NET    Books    CLR    Database Development    Security   
Ireceived my copy of A First Look at SQL Server 2005 for Developers yesterday (written by Bob Beauchemin, Niels Berglund, Dan Sullivan, three of the... Read more

Advanced Data Access with ADO.NET and Oracle

8/11/2004

 .NET    ADO.NET    Database Development    Security   
Read more

Simple and interesting solution for hidden root kits

8/10/2004

 Security   
Read more

Windows XP SP2 network installation package is available

8/9/2004

 .NET    Security   
Read more

Speaking on CAS tonight in Boston

8/5/2004

 .NET    Rotor    Security   
Just a reminder, I will be speaking on Code Access Security (CAS) to the new Downtown Boston .NET User Group in Boston tonight at 5:30 pm. If you are... Read more

Threat Modeling review

8/3/2004

 .NET    Books    Security   
I mentioned a couple of months ago I finally received my copy of the new Threat Modeling book.I was going to post a mini-review as it is excellent,but... Read more

Smart Client Architecture and Design Guide

7/31/2004

 .NET    ArchitecturePatterns    Books    Security    Smart Clients   
I agree withKlaus that Smart Clients need another look, as ASP.NET is not theonly solution for UIdeployment. The P&P book Smart Client Architecture... Read more

Password information and passphrase advice

7/28/2004

 .NET    Security   
Read more

Session Hijacking article

7/20/2004

 .NET    ASP.NET    Security   
Jeff Prosise has an article posted this month in MSDN Magazine on “Foiling Session Hijacking Attempts”. I was talking about this issue with a friend... Read more

Have you been hacked?

7/20/2004

 .NET    Security   
Read more

Secure Coding slides, running as non-admin

7/16/2004

 .NET    ArchitecturePatterns    Security   
I have posted the Powerpoint slides from my Boston .NET Users Group presentationhere on my website. It is very similar to the presentation I gave to... Read more

Frank Swiderski talks about his Threat Modeling Tool

7/12/2004

 .NET    Books    Security   
Read more

Don Kiely on Least Privilege in Vermont

7/8/2004

 .NET    ASP.NET    Database Development    Security   
Read more

Using SecureString now

7/7/2004

 .NET    Security   
Read more

Speaking on Code Access Security to Downtown Boston .NET User Group on August 5

7/7/2004

 .NET    ArchitecturePatterns    Security   
Read more

SQL Express Beta 2 experiences

7/5/2004

 .NET    ArchitecturePatterns    CLR    Database Development    Security   
Sam talks about hisexperiences with the new SQLExpress Beta 2 Edition. Heis frustrated by the lack of UI tools (in particular, the publicized tool... Read more

Frank Swiderski is blogging

7/1/2004

 .NET    Security   
Read more

Threat Modeling book, Part 2

6/29/2004

 .NET    ArchitecturePatterns    Books    Security   
Read more

Assessing Network Security book

6/25/2004

 Books    Security   
Read more

WS Plumbing Group

6/23/2004

 .NET    ArchitecturePatterns    Security    Service Orientation (SO)    Web Services   
Read more

Threat Modeling book

6/23/2004

 .NET    Books    Security   
Read more

Speaking to Boston .Net Users Group on Security

6/23/2004

 .NET    Security   
Read more

CAS and Partially Trusted Code

6/18/2004

 .NET    ASP.NET    Security    Service Orientation (SO)    Web Services   
Maxim V. Karpov has written a great article on Code Access Security (CAS) – "Guilty until proven Innocent" (Partially Trusted Code) which talks... Read more

Learn to run as non-Admin

6/17/2004

 .NET    Security   
Read more

Windows XP SP2 RC2 is available

6/15/2004

 .NET    Security   
Read more

Threat Modeling Resource Page

6/8/2004

 .NET    Security   
Read more

Principle of least privilege

5/27/2004

 .NET    Security   
Read more

Threat Modeling Tool available

5/25/2004

 .NET    Security   
Read more

SO Prescriptive Guidance

5/25/2004

 .NET    .NET Remoting    ArchitecturePatterns    CLR    COMPlus EnterpriseServices    Security    Service Orientation (SO)    Web Services   
Read more

WSE 2.0 available

5/24/2004

 .NET    Security    Web Services   
Read more

TechNet Security Briefings slide decks

5/23/2004

 .NET    ArchitecturePatterns    Security   
Read more

SQL Server Security book

5/23/2004

 .NET    Books    Database Development    Security   
Read more

Ramblings on Enterprise Services

5/16/2004

 .NET    .NET Remoting    ArchitecturePatterns    ASP.NET    CLR    COMPlus EnterpriseServices    Database Development    Security    Web Services   
Read more

PC security for teenagers

5/12/2004

 Books    Security   
This week, I received abook I had beenwaiting awhile to ship: Dan Appleman's Always Use Protection: A Teen's Guide to Safe Computing. Ever since... Read more

Microsoft eLearning Courses on Security

5/12/2004

 .NET    ADO.NET    ArchitecturePatterns    ASP.NET    CLR    COMPlus EnterpriseServices    Database Development    Security    Web Services   
Read more

Test-Driven Development in Microsoft.NET book

5/5/2004

 .NET    .NET Remoting    ADO.NET    ArchitecturePatterns    ASP.NET    Books    CLR    COMPlus EnterpriseServices    Database Development    Extreme Programming    Security   
Read more

Speaking at WinDev 2004

5/5/2004

 .NET    ArchitecturePatterns    Security   
Read more

Keith Brown's (and others) new location

5/5/2004

 .NET    ArchitecturePatterns    Security   
Read more

Improving .NET Application Performance and Scalability released

4/28/2004

 .NET    .NET Remoting    ADO.NET    ArchitecturePatterns    ASP.NET    Books    CLR    COM Interop    COMPlus EnterpriseServices    Database Development    Security    Web Services   
The book Improving .NET Application Performance and Scalability I have been pointing to over the past few months has finally been released on MSDN.... Read more

ASP.NET Partial-Trust web sites

4/28/2004

 .NET    ASP.NET    Security   
Anil John has posted an excellent introduction to one of my favorite methods of securing web sites: creatingPartial-Trust ASP.NET web sites to sandbox... Read more

Security in Longhorn: Focus on Least Privilege

4/23/2004

 .NET    Security   
Read more

Detection of SQL Injection and Cross-site Scripting Attacks

4/14/2004

 .NET    ArchitecturePatterns    ASP.NET    Security   
I found an interesting article titled “Detection of SQL Injection and Cross-site Scripting Attacks“ at SecurityFocus today. Basically, it focuses on... Read more

Second Architectural Journal available

4/13/2004

 .NET    ArchitecturePatterns    Security    Web Services   
As mentioned by Ted Neward, the second Architect's Journal is now available. Looks like some great articles on Service-Oriented Architecture (SOA),... Read more

Processes to Develop Secure Software

4/1/2004

 .NET    Security   
Read more

Understand the dangers of Fully Trusted Code

3/26/2004

 .NET    ArchitecturePatterns    ASP.NET    CLR    Security   
In my own research into .Net Security, one area I have explored is how to correctly set up Partial Trust websites with ASP.NET 1.1 and resources... Read more

Preparing for Indigo

3/24/2004

 .NET    .NET Remoting    ArchitecturePatterns    COMPlus EnterpriseServices    Security    Web Services   
One of my favorite authors, Tom Barnaby, has written a short article titled “Preparing for Indigo” in preparation for his “Get Ready for... Read more

Remoting and Security Updates

3/23/2004

 .NET    .NET Remoting    Security   
Read more

Quality software means more secure software

3/18/2004

 .NET    Books    Security   
Read more

Recommended Application Security books

3/8/2004

 Books    Security   
Read more

EnterpriseServices/COMPlus, DCOM, and Firewalls

3/7/2004

 .NET    .NET Remoting    ArchitecturePatterns    COM Interop    COMPlus EnterpriseServices    Security    Web Services   
Read more

Microsoft Security Guidance CD

3/2/2004

 .NET    Security   
Read more

Further clarification

2/26/2004

 .NET    .NET Remoting    ADO.NET    ArchitecturePatterns    ASP.NET    COM Interop    COMPlus EnterpriseServices    Database Development    Security    Web Services   
Read more

Custom Exceptions and EnterpriseServices, Part 2

2/24/2004

 .NET    .NET Remoting    ADO.NET    ArchitecturePatterns    ASP.NET    CLR    COM Interop    COMPlus EnterpriseServices    Database Development    Security   
I noticed yesterday the article on Throwing Custom Exception Types from a Managed COMPlus Server Application that I blogged about previously is... Read more

Clarification on distributed data security

2/18/2004

 .NET    .NET Remoting    ArchitecturePatterns    ASP.NET    COM Interop    COMPlus EnterpriseServices    Database Development    Security    Web Services   
Read more

Distributed data security

2/14/2004

 .NET    .NET Remoting    ADO.NET    ArchitecturePatterns    ASP.NET    COM Interop    COMPlus EnterpriseServices    Database Development    Security    Web Services   
Read more

Security Warrior

2/13/2004

 Books    Security   
Read more

Real distributed application development

2/12/2004

 .NET    .NET Remoting    ArchitecturePatterns    ASP.NET    CLR    COMPlus EnterpriseServices    Database Development    Security    Web Services   
Sam Gentileposted an excellentarticle on the lack of real .Net distributed application development and examples. Othershave commented on this article... Read more

Secure Coding Presentation Available

2/4/2004

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Security   
For those interested, I have made the Secure Coding: Best Practices presentation slide deck available on my website. You can download it from the link... Read more

OWASP Top Ten for 2004

2/4/2004

 .NET    ASP.NET    Database Development    Security    Web Services   
Read more

Cross-Site Scripting (XSS) Bug in ASP.NET 1.1

2/4/2004

 .NET    ArchitecturePatterns    ASP.NET    Database Development    Security   
Read more

Speaking to CSharp Users Group tonight on Secure Coding

2/3/2004

 .NET    Security   
For those interested, I will be speaking on Secure Coding: Best Practices (as mentioned here) tonight in Waltham, MA at 6:30 pm to the BostonC# Users... Read more

Using Threat Analysis to Design More Secure Systems

2/1/2004

 ArchitecturePatterns    Books    Security   
Read more

Watch for SQL Injection in Oracle

1/24/2004

 .NET    ArchitecturePatterns    Database Development    Security   
In my everyday life, I work with both SQL Server and Oracle databases to develop databases, schemas, stored procedures, and functions as well as the... Read more

Authorization and Profile Application Block

1/22/2004

 .NET    ArchitecturePatterns    Books    Security   
Read more

Speaking to Boston C# Users Group on Secure Coding: Best Practices

1/17/2004

 .NET    Security   
Read more

FlexWiki and URLScan

1/17/2004

 .NET    ASP.NET    Extreme Programming    Security   
Read more

Demystifying the .NET Global Assembly Cache

1/15/2004

 .NET    CLR    COMPlus EnterpriseServices    Security   
Read more

Authentication and Authorization

12/19/2003

 .NET    .NET Remoting    ArchitecturePatterns    CLR    COMPlus EnterpriseServices    Security   
Last night, I had the opportunity to speak to the New Hampshire .Net Users Groupabout .Net Security, in particular speaking about User (Role-Based)... Read more

December NH .Net User Group Meeting Update

12/13/2003

 .NET    ArchitecturePatterns    Security   
Read more

Speaking on .Net Security Best Practices to NH .Net Users Group

12/12/2003

 .NET    Security   
Read more

Developing as a non-Administrator

12/10/2003

 .NET    Security   
Lars Bergstrom wrote an article for MSDN a few months ago called “Developing Software in Visual Studio .NET with Non-Administrative Privileges” and it... Read more

Using Windows Application Verifier for Security Testing

12/9/2003

 .NET    ArchitecturePatterns    Security   
Read more

Improving .NET Application Performance and Scalability

12/7/2003

 .NET    .NET Remoting    ADO.NET    ArchitecturePatterns    ASP.NET    Books    CLR    COM Interop    COMPlus EnterpriseServices    Database Development    Extreme Programming    Security    Web Services   
Another task I am working on is extensive performance and scalability testing for a large Distributed .Net project.Our approach is to set up tests... Read more

Code Access Security with ES, .Net Remoting, Distributed Applications

11/25/2003

 .NET    .NET Remoting    ArchitecturePatterns    COMPlus EnterpriseServices    Security   
Read more

.Net and ES/COMPlus Security

11/14/2003

 .NET    ASP.NET    COMPlus EnterpriseServices    Security   
Read more

Code Access Security with ASP.Net and ES

11/9/2003

 .NET    ArchitecturePatterns    ASP.NET    COMPlus EnterpriseServices    Security   
I have been immersed in Code Access Security (CAS) this weekend as we ramp up .Net security for an ASP.Net/Enterprise Services (ES) project.This book... Read more

PDC Security Symposium

10/30/2003

 .NET    Security   
Tim Sneath has posted several excellentarticles/notesfrom the PDC Security Symposium held today. He may post more, but at this point, here are his... Read more

SQL Security and SQL Server Books Online Update

10/23/2003

 Database Development    Security   
Read more

Michael Howard has a blog

10/23/2003

 .NET    Security   
Michael Howard, one of my favorite security guys, and co-author of Writing Secure Code, Second Edition, has a blog. Subscribed! Read more

MSDN November, 2003 on Security

10/15/2003

 .NET    Security   
Following up on my security emphasislately, the November, 2003 MSDN magazine is full of greatinformation on security. You candownload the HTML Help... Read more

Security Talk, Part 1 continued

9/28/2003

 .NET    Security   
This past week, I concluded my talk on Security Coding: Best Practices. This was a continuation of Part 1 that I started last week. In particular, I... Read more

Security Talk, Part 1

9/20/2003

 .NET    Security   
This past week, I completed the first partof my talks on Security Coding: Best Practicesat my work place. I didn't get as much covered as I had hoped,... Read more

Security, Architecture, and Unit Testing

9/20/2003

 .NET    ArchitecturePatterns    Extreme Programming    Security   
Read more

Secure Coding Articles

9/6/2003

 .NET    Security   
I found this list of good Secure Coding resources on the MSDN Security section.  Here is a summary of the list of articles:Getting StartedMSDN How-To... Read more

Secure Coding: Best Practices

9/5/2003

 .NET    ArchitecturePatterns    ASP.NET    COMPlus EnterpriseServices    Security   
I was noticing John Lam's two posts this morning on .Net Security:  Securing ASP.NET using Enterprise Services and Improving Web Application Security:... Read more

Another Secure Programming book

8/18/2003

 Books    Security   
Read more

Secure Coding books

8/8/2003

 Books    Security   
A new book came out last month called Secure Coding: Principles and Practices. I am reading this now (just purchased today at SoftPro). It looks to... Read more

Configuration Management Application Block

6/25/2003

 .NET    Security   
There are several Application Blocks from Microsoft lately, but the Configuration Management Application Block (released 6/24/2003) is one I have been... Read more

Pages: [1]