Tags
Contents tagged with Security
10/1/2017
I wrote a blog post on LinkedIn (and Medium) about speaking on Threat Modeling for September and October. Check it out.
Read more 3/7/2016
Over the past couple of years, I have been speaking about, writing about, and helping companies and their teams with addressing issues in software...
Read more 12/16/2015
Below is a guest blog post to the Hartford Springfield Speaker's Network blog posted on 12/12/2015.
As I mentioned in my...
Read more 11/30/2015
Earlier this month, I spoke atthe Hartford Springfield Speaker's Networkmeeting as one of the spotlight speakers. You can catch a video of it on my...
Read more 11/22/2015
I spoke a couple times this past week on the topic of "Threat Modeling for Secure Software Design". Here are the decks (there are some slight...
Read more 10/4/2015
Here are the slides from "How to Make Threat Modeling Work for You" talk at BASC 2015 (10/3/2015):SlidesThank you!
Read more 9/16/2015
Here are the slides from "How to Make Threat Modeling Work for You" talk at TECHIntersection today (9/16/2015):SlidesThank you!
Read more 8/18/2015
As I mentionedpreviously, I am speaking at TECHIntersectionin September 14 - 17, 2015 on topics in Threat Modeling and Secure SDLC. I have been...
Read more 8/17/2015
Read more 7/1/2015
There are a couple of new Threat Modeling books released in May, 2015 that I have been interested in reading and reviewing. I received both a few days...
Read more 7/1/2015
I received notice today I have been awarded a Microsoft MVP for 2015 in the area of Developer Security.Thank you Microsoft, my new MVP lead, and all...
Read more 3/12/2015
I proposed two talks to the Boston Code Camp 23conference held next week, but because of the great turn out of speakers (33!), each of us received...
Read more 3/11/2015
I received news my proposed talk on "Is Threat Modeling for Me?" was accepted for the Security BSides Boston 2015 Con(Twitter: @@bsidesboston) on May...
Read more 2/17/2015
Last week, the RunAsRadio podcast featuring my talk with Richard Campbell (Twitter and .NET Rocks) on Threat Modeling went live. You can listen here...
Read more 2/17/2015
Igor Moochnick (Twitter and Website) will be speaking to the Boston .NET Architecture Group(meets in Waltham, MA at the Magenic offices 6-8 pm EST)...
Read more 12/16/2014
A couple of months ago I was interviewed by Bryan Hogan for a Podcast on Software Security. It is now available.
Read more 10/9/2014
I am speaking tonight at the Western Mass Microsoft Technology Users Group on Securing your ASP.NET MVC Application. I have added a few new items...
Read more 8/14/2014
I am speaking tonight on ASP.NET MVC Security at Microsoft DevBoston.
Read more 9/17/2009
Read more 10/28/2008
Read more 1/1/2008
Read more 10/31/2007
Like Dominick Baier and Christian Weyerof Thinktecture, I also wondered why I couldn't use a UsernameToken with Transport Security in WCF v.1. I...
Read more 10/22/2007
Once again, for the 4th year in a row, I enjoyed the one conference I make sure to book well in advance. I haven't traveled to conferences as much...
Read more 9/24/2007
Read more 9/9/2007
Read more 8/29/2007
Read more 7/16/2007
Read more 6/20/2007
Read more 6/4/2007
Read more 4/4/2007
Over the weekend at the New England Code Camp 7 conference, I mentioned briefly about some of the potential security problems with AJAX. Dana Epp has...
Read more 4/3/2007
I have posted the slide decks and demo code I used for my talks this past weekend at the New England Code Camp 7 - Deer in Headlightsconference. You...
Read more 3/28/2007
I found a veryencouraging announcement today: SANS has created the new Software Security Institute (SSI) (link) which is aexam program designed to...
Read more 3/26/2007
I will be speaking this weekend, March 31-April 1, at the New England Code Camp 7: Deer in Headlights located at the Microsoft, Waltham, MA offices. I...
Read more 3/5/2007
I will be speaking tomorrow night on "Threat Modeling for Web Applications" at the Western Mass .NET User Group meeting in Easthampton, MA. The...
Read more 1/2/2007
I have been heads down design and coding for the last 2 1/2 half weeks on an interesting WCF project (yes, unfortunately, even over the holidays -- I...
Read more 11/8/2006
Yesterday, I used the wonderful tools from SysInternals for troubleshooting some of the new VC++ 2005 SxS issues I had with my port from VC++ 2003 to...
Read more 10/24/2006
My slides for the Boston Code Camp 6 this past weekend have been posted on my site. My sessions were well attended and I got very good comments on...
Read more 10/18/2006
My plans have changed for this weekend, so I will be presenting more topics at the Boston Code Camp 6 (the schedule has been posted). This time, the...
Read more 10/10/2006
Read more 10/4/2006
I have been busy with a great architecture project lately that I have mentioned previously. I have also been finalizing slides and demos and making...
Read more 8/28/2006
I will be speaking at the Beantown .NET User Group meeting, Boston, from 5:30 pm to 7:30 pm on Thursday, September 7. Here is the topic and...
Read more 8/4/2006
Occasionally, I am called upon to do a security code review. I enjoy the process and I recommend it to every shop that writes software to regularly...
Read more 7/28/2006
I have been silent for the last month or so, but I am hoping to get back into writing again. July was an eventful month for me. I turned 38 (July 10),...
Read more 7/8/2006
Read more 6/16/2006
Read more 6/14/2006
Read more 6/12/2006
Read more 5/26/2006
One of my talks at the New England Code Camp 5 was "Threat Modeling for Web Applications". At the end of the talk, I did a demo showing the new Threat...
Read more 5/25/2006
Read more 5/5/2006
Read more 3/31/2006
A little late (voting ends today at 5:00 pm), but I have submitted a Birds of a Feather (BoF) session for TechEd 2006:Developing as a...
Read more 3/15/2006
Read more 2/27/2006
The Microsoft ACE Team has put together a specific blog on Threat Modeling [found again (again as inI can't remember where I saw the original link...
Read more 2/24/2006
Read more 2/23/2006
Read more 2/20/2006
This has been circulating among the .NET security community for several months, and now finally, we have "official" word that Windows Communication...
Read more 2/19/2006
Read more 2/19/2006
Dominick Baierhas posted (titled Beware (=be aware) of ClickOnce default Settings) some startling results from research he completed with the .NET 2.0...
Read more 2/16/2006
Chip Andrews points to this articlecalled Ten hacker tricks to exploit SQL Server systemsby Kevin Beaver. In my opinion, this article is good for many...
Read more 2/16/2006
Aaron Margosis is posting a series of posts on "LUA" bugs, including what they are (and what aren't bugs) and how to fix them. As always, excellent...
Read more 2/16/2006
Read more 2/15/2006
Read more 2/14/2006
Read more 2/4/2006
Read more 2/4/2006
Read more 2/4/2006
I often get questions at conferences about the new ASP.NET 2.0 security features including membership and role management. Also, in particular, I get...
Read more 2/2/2006
Yesterday's session on "Leveraging .NET 2.0 Security Features" went quite well. I have posted slides and code on my site here.This was the first time...
Read more 1/29/2006
I have been doing a fair amount of development in VC++, Java, and .NET 2.0 lately for one large project that is finally winding down after almost a...
Read more 1/23/2006
Read more 1/19/2006
Microsoft released a new whitepaper from theMicrosoft Solutions for Security and Compliance group (MSSC) on "Applying the Principle of Least Privilege...
Read more 1/4/2006
Congratulations to all new and returning MVPs!I have been awarded again (2nd year) as a Microsoft Security Developer MVP for 2006. It has been a great...
Read more 1/1/2006
I hope and wish everyone a very Happy and Prosperous New Year 2006! I am finally catching up on some blog reading this weekend and found a couple of...
Read more 12/29/2005
It has been a busy month and a half since I last blogged -- too busy. But, it has been fun as I have done a few security code audits, lots of...
Read more 11/18/2005
Read more 11/15/2005
Read more 11/11/2005
Read more 11/10/2005
I will be speaking tonight to the New England SQL Server User Group at Microsoft in Waltham, MA. My friend Andrew Novick will give a talk on SQL...
Read more 11/10/2005
The MAD Security Code Camp site has been updated with photos from the event. This one is priceless.
Read more 11/8/2005
Read more 11/7/2005
I was questioned briefly last week forthis article in Computerworld:Robert Hurlbut, an independent software consultant in Worcester, Mass., said SQL...
Read more 11/7/2005
Read more 11/3/2005
Read more 10/31/2005
Read more 10/26/2005
I will be speaking on Threat Modeling for Web Applications at the local OWASP Boston chapter meeting on November 2, at the Microsoft, Waltham, MA...
Read more 10/25/2005
Read more 10/16/2005
Read more 10/14/2005
I had a great time in Orlando at VSLive!. The hotel we stayed at (Walt Disney World Dolphin Hotel)is amazing! This hotel is HUGE ... several of us...
Read more 10/14/2005
Read more 10/9/2005
Read more 10/9/2005
I was excited to see Shawn Farkas' article available on "Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0", which...
Read more 10/8/2005
I will be speaking at the Mid-Atlantic (MAD) Security Code Camp at the Microsoft offices in Reston, VA on October 29. I am really looking forward to...
Read more 10/4/2005
Read more 10/3/2005
Read more 9/30/2005
Brian Johnson has written a new article on MSDN describing the new security features of Visual Studio 2005. Take a look -- I have been playing with...
Read more 9/26/2005
I am catching up after another very successful New England Code Camp weekend. I am getting ready to head out to the MVP Global Summit 2005in Seattle,...
Read more 9/18/2005
I have been working on severalpresentations on security,SQL Server, and transactions topicsfor upcoming conferences and user group talks. These always...
Read more 9/15/2005
A couple of weeks ago while flying to and from Microsoft in Redmond, I read most of this book (still finishing it between bits of spare time on my...
Read more 9/4/2005
Read more 8/28/2005
Nigel Watling (great start of a blog, by the way -- subscribed! RSS) has a very nice summary of some material on developing as a non-administrator and...
Read more 8/26/2005
Shawn Farkas has posted an excellent summary of the newest features and changes for Security in .NET 2.0 on his blog. He also links to Keith Brown and...
Read more 8/16/2005
Read more 8/13/2005
I am putting this here as a nice placeholder (for myself and others):The patterns and practices folks have just updated their list of Security-related...
Read more 8/11/2005
Read more 8/11/2005
Read more 7/23/2005
Rick Samona has a webcast on MSDN TV discussing how developers can write secure code using the new enhancements in Visual Studio 2005. Take about...
Read more 7/20/2005
I will be speaking at the Heartland Developers Conference 2005 in Cedar Rapids, Iowa on October 12-14, 2005. My topic will be Security Changes in .NET...
Read more 7/12/2005
Read more 7/8/2005
It's been a busy week, but I had a chance to attenda talk this week. By chance, I happened to catch the local OWASP (Open Web Application Security...
Read more 7/8/2005
I received this book, Honeypots for Windows by Roger A. Grimes (published by Apress), a couple of months ago to review. I have read a chapter hear and...
Read more 7/5/2005
Larry Ostermanoffers some words of wisdom regarding the differnce between a developer understanding cryptography (as in "which algorithm should I use"...
Read more 7/1/2005
I spent the last couple of days at VSLive! Boston. I gave a talk on Wednesday on "Writing Secure Plug-Ins Applications in .NET". You can pick up the...
Read more 7/1/2005
I was informed that today it is official: I have been moved from the Visual C# MVP group into the newly formed Application Developer Security MVP...
Read more 6/23/2005
One highlight (among many) of my stay in Montreal for DevTeachwas meeting Montreal natives Nicole Calinoiu and her husband Michel Bordeleau for dinner...
Read more 6/13/2005
Read more 6/7/2005
Read more 6/6/2005
One of my first published articles came out a few days agoin the June, 2005 issue of .NET Developers Journal.This is a security focused issue with...
Read more 5/19/2005
Eric Marvets, the Security Samurai, who spoke at last weekend's Atlanta Code Camp, now has a security blog. Eric did some work for me (through my...
Read more 5/18/2005
This is a nice welcome addition to the threat modeling literature, and especially for web application security. Take a look. Excellent resource!...
Read more 4/27/2005
The TechEd BOF (Birds of a Feather) voting is over and mine wasaccepted. Here is the schedule:Developing software as a non-administrator -Wed, June...
Read more 4/20/2005
I was asked last week and informed Friday that I was selected to be one of the Technical Experts at the Connected Systems Infrastructure (CSI) Track...
Read more 4/8/2005
Read more 4/6/2005
Read more 4/1/2005
Read more 3/31/2005
As you may know, the long awaited Windows Server 2003 SP1 has finally reached RTM. Here is some technical information, and a Top Ten feature...
Read more 3/23/2005
I noticed over the last couple of days my "Writing Secure Plug-in Applications in .NET" session is listed for VSLive! Boston. This talk is similar to...
Read more 3/21/2005
My friend Kevin Hegg mentioned this link to me on Friday, but it wasn't live yet. But, it is now: Michael Howard mentions it's "live" status at...
Read more 3/21/2005
There is an MSDN TV overview of writing partially trusted applications with ASP.NET [found by way of Dominick Baier].
Read more 3/18/2005
Have you tried installing SQL Server 2005 yet? If so, how did it go for you?There is a survey the SQL Server team would like you to fill out:The Yukon...
Read more 3/15/2005
Read more 3/14/2005
Read more 3/10/2005
I submitted one of the first TechEd Birds of a Feather (BoF) sessions on this topic:Developing software as a non-administratorWe have all heard we...
Read more 3/9/2005
I will be speaking tonight on .NET Security 101 at the Connecticut Access UsersGroup in Farmington, CT (correction: not in Hartford, but near...
Read more 2/23/2005
By now, I am sure you have seen or heardthe news about SHA1 being broken. In a somewhat timely fashion, I had been (re)reading Bruce Schnier and Niels...
Read more 2/23/2005
Daniele Muscetta (of Microsoft) posted a nice summary of some recent articles on Rootkits. He also included information on SysInternals' latest...
Read more 2/23/2005
I saw this last night, and Dana Epp has posted a pointer:Peter Torr has done it again. He has written an EXCELLENTarticle on writing a practical...
Read more 2/19/2005
Read more 2/19/2005
I will be speaking at DevTeach this year in Montreal, Canada on June 18-22, 2005.My topics (so far -- waiting on a couple of other proposals, but this...
Read more 2/14/2005
Read more 2/14/2005
Read more 2/10/2005
Read more 2/10/2005
Read more 2/4/2005
Read more 2/2/2005
I will be speaking to the Rhode Island .NET Users Group (Providence, RI)on February 10. My topic is on security:Secure Coding for the .NET...
Read more 2/2/2005
Joe Stagner is starting the Digital Blackbelt webcast series on security this Friday with the following topic:MSDN Webcast: Digital Blackbelt Series:...
Read more 1/31/2005
Read more 1/30/2005
Read more 1/30/2005
[By way of Brian Johnson] Take Advantage of ASP.NET Built-in Features to Fend Off Web AttacksDino summarizes the most common types of Web attacks and...
Read more 1/29/2005
Read more 1/28/2005
Read more 1/27/2005
I really like Ken Brubaker's post on Distilled: The .NET Developer's Guide to Windows Securitywhere he has summarized every item in Keith Brown's...
Read more 1/25/2005
Read more 1/21/2005
This new series of Webcasts looks to be very good.Sign up at http://www.microsoft.com/seminar/events/series/digitalblackbelt.mspx.
Read more 1/21/2005
Read more 1/18/2005
Read more 1/17/2005
Read more 1/17/2005
Read more 1/16/2005
I have added another topic to the ever growing data track for the upcoming New England Code Camp 3:SQL Server 2005 SecurityThis talk will focus on...
Read more 1/13/2005
Read more 1/4/2005
I have been busy ramping up for some new work through my company lately (which I will mention in another post), and one resource I have looked forward...
Read more 12/28/2004
Some interesting reads I found today on secure coding:Secure programmer: Call components safely [By way of Dana Epp] David Wheeler has released a new...
Read more 12/10/2004
Read more 12/9/2004
Read more 11/28/2004
Valery Pryamikov has posted an excellent article titled "On Evolution of Microsoft Perception of System Security". The article chronicles the changes...
Read more 11/28/2004
Jerry Bryant posted a great list of Microsoft IT Security Resources (current as of November, 2004) to his blog:...
Read more 11/24/2004
Read more 11/20/2004
Read more 11/18/2004
Pierre Nallet of DevelopMentorhas written a good article sumarizing new security features in .NET 2.0. Take a look: "What is new for security in .NET...
Read more 11/18/2004
I will be speaking to the BostonC# Users Group on December 7 in Waltham, MA (Microsoft offices) at 6:30 pm on a slightly different topic for me. The...
Read more 11/17/2004
By way of DominicBaier:If you are interested in .net/windows security - check out michael willers blog! You'll find interesting in-sights in secure...
Read more 11/11/2004
Read more 11/10/2004
Last night, I attended the Boston C# Users Group meeting at Microsoft, Waltham, MA where Jim Lennox was speaking on Service-Oriented Architecture...
Read more 11/9/2004
Read more 11/7/2004
Read more 11/5/2004
Microsoft has opened its doors to all customers with advanced notices of security bulletins. Previously, this was only available to Premier and other...
Read more 11/2/2004
Read more 11/2/2004
Read more 11/2/2004
Read more 10/30/2004
Read more 10/30/2004
I have posted my WinDev 2004 presentations and code on my SecureDevelop.net website:S7 - Writing Least Privileged Applications: pdf, codeS8 - Hosting...
Read more 10/30/2004
Read more 10/27/2004
At the end of my "speaking debut" dayat WinDev(more on that later), I went out to look at the lunar eclipse when I noticed several people looking up....
Read more 10/25/2004
Read more 10/25/2004
Read more 10/20/2004
Just heard Whit Kemmey speak about "Using XML for Navy Missle Systems". This followed Don's talk on "WS-Why?" -- Don also used the same kind of loud...
Read more 10/18/2004
Read more 10/18/2004
Read more 10/10/2004
Read more 10/10/2004
Read more 10/10/2004
Another ASP.NET security blog is live: Dinis Cruz of OWASP-DOTNET fame is now blogging (RSS).Subscribed.I am really looking forward to Dinis'...
Read more 10/7/2004
Read more 10/6/2004
Read more 10/6/2004
I have been following this for a little over a week now on some security newsgroups, and it is now public from Microsoft: This alert is to advise you...
Read more 9/25/2004
I had the pleasure of attending Michele Leroux Bustamante's talk this past week on Web Services Security with a focus on WSE 2.0 at the NH .NET User...
Read more 9/23/2004
Read more 9/22/2004
I added a couple of other topics to my proposed list at Code Camp II:Developing as a non-admin (chalk talk)We have all heard we shouldn’t run as...
Read more 9/21/2004
Yesterday, Keith Brown mentioned his new book The .NET Developer's Guide to Windows Security is finally shipping. I have preordered my copy from...
Read more 9/20/2004
Read more 9/19/2004
Read more 9/15/2004
Read more 9/10/2004
Read more 9/10/2004
Both Dominick Baerand Anil John are pointing to Foundstone's new sample web application (written in ASP.NET and C#)that demonstrates common security...
Read more 8/31/2004
Read more 8/30/2004
Read more 8/30/2004
Code Camp II is getting a lot of great speakers lined up for the October 17-18 weekend. Several of the speakers are coming from outside of the New...
Read more 8/26/2004
Looking for some fun reading today?Brian Johnson has posted a link to the latest Windows XP Security Guide documents and toolsfrom Microsoft:The...
Read more 8/18/2004
Read more 8/18/2004
Read more 8/17/2004
Read more 8/17/2004
Read more 8/17/2004
I just watched and enjoyed Channel 9's view of the Indigo team (a video tour through the offices with Don Box).This was a fun video, especially...
Read more 8/16/2004
Read more 8/13/2004
I will be speaking at Code Camp II, a Microsoft event coordinated by Thom Robbinsat the local Microsoft Waltham,MAoffice on October 16-17.The first...
Read more 8/12/2004
There are some interesting discussions about the loss of raw socket support in the new Windows XP SP2. Dominick Baier, Ian Griffiths, and Dana Epp are...
Read more 8/11/2004
Ireceived my copy of A First Look at SQL Server 2005 for Developers yesterday (written by Bob Beauchemin, Niels Berglund, Dan Sullivan, three of the...
Read more 8/11/2004
Read more 8/10/2004
Read more 8/9/2004
Read more 8/5/2004
Just a reminder, I will be speaking on Code Access Security (CAS) to the new Downtown Boston .NET User Group in Boston tonight at 5:30 pm. If you are...
Read more 8/3/2004
I mentioned a couple of months ago I finally received my copy of the new Threat Modeling book.I was going to post a mini-review as it is excellent,but...
Read more 7/31/2004
I agree withKlaus that Smart Clients need another look, as ASP.NET is not theonly solution for UIdeployment. The P&P book Smart Client Architecture...
Read more 7/28/2004
Read more 7/20/2004
Jeff Prosise has an article posted this month in MSDN Magazine on “Foiling Session Hijacking Attempts”. I was talking about this issue with a friend...
Read more 7/20/2004
Read more 7/16/2004
I have posted the Powerpoint slides from my Boston .NET Users Group presentationhere on my website. It is very similar to the presentation I gave to...
Read more 7/12/2004
Read more 7/8/2004
Read more 7/7/2004
Read more 7/7/2004
Read more 7/5/2004
Sam talks about hisexperiences with the new SQLExpress Beta 2 Edition. Heis frustrated by the lack of UI tools (in particular, the publicized tool...
Read more 7/1/2004
Read more 6/29/2004
Read more 6/25/2004
Read more 6/23/2004
Read more 6/23/2004
Read more 6/23/2004
Read more 6/18/2004
Maxim V. Karpov has written a great article on Code Access Security (CAS) – "Guilty until proven Innocent" (Partially Trusted Code) which talks...
Read more 6/17/2004
Read more 6/15/2004
Read more 6/8/2004
Read more 5/27/2004
Read more 5/25/2004
Read more 5/25/2004
Read more 5/24/2004
Read more 5/23/2004
Read more 5/23/2004
Read more 5/16/2004
Read more 5/12/2004
This week, I received abook I had beenwaiting awhile to ship: Dan Appleman's Always Use Protection: A Teen's Guide to Safe Computing. Ever since...
Read more 5/12/2004
Read more 5/5/2004
Read more 5/5/2004
Read more 5/5/2004
Read more 4/28/2004
The book Improving .NET Application Performance and Scalability I have been pointing to over the past few months has finally been released on MSDN....
Read more 4/28/2004
Anil John has posted an excellent introduction to one of my favorite methods of securing web sites: creatingPartial-Trust ASP.NET web sites to sandbox...
Read more 4/23/2004
Read more 4/14/2004
I found an interesting article titled “Detection of SQL Injection and Cross-site Scripting Attacks“ at SecurityFocus today. Basically, it focuses on...
Read more 4/13/2004
As mentioned by Ted Neward, the second Architect's Journal is now available. Looks like some great articles on Service-Oriented Architecture (SOA),...
Read more 4/1/2004
Read more 3/26/2004
In my own research into .Net Security, one area I have explored is how to correctly set up Partial Trust websites with ASP.NET 1.1 and resources...
Read more 3/24/2004
One of my favorite authors, Tom Barnaby, has written a short article titled “Preparing for Indigo” in preparation for his “Get Ready for...
Read more 3/23/2004
Read more 3/18/2004
Read more 3/8/2004
Read more 3/7/2004
Read more 3/2/2004
Read more 2/26/2004
Read more 2/24/2004
I noticed yesterday the article on Throwing Custom Exception Types from a Managed COMPlus Server Application that I blogged about previously is...
Read more 2/18/2004
Read more 2/14/2004
Read more 2/13/2004
Read more 2/12/2004
Sam Gentileposted an excellentarticle on the lack of real .Net distributed application development and examples. Othershave commented on this article...
Read more 2/4/2004
For those interested, I have made the Secure Coding: Best Practices presentation slide deck available on my website. You can download it from the link...
Read more 2/4/2004
Read more 2/4/2004
Read more 2/3/2004
For those interested, I will be speaking on Secure Coding: Best Practices (as mentioned here) tonight in Waltham, MA at 6:30 pm to the BostonC# Users...
Read more 2/1/2004
Read more 1/24/2004
In my everyday life, I work with both SQL Server and Oracle databases to develop databases, schemas, stored procedures, and functions as well as the...
Read more 1/22/2004
Read more 1/17/2004
Read more 1/17/2004
Read more 1/15/2004
Read more 12/19/2003
Last night, I had the opportunity to speak to the New Hampshire .Net Users Groupabout .Net Security, in particular speaking about User (Role-Based)...
Read more 12/13/2003
Read more 12/12/2003
Read more 12/10/2003
Lars Bergstrom wrote an article for MSDN a few months ago called “Developing Software in Visual Studio .NET with Non-Administrative Privileges” and it...
Read more 12/9/2003
Read more 12/7/2003
Another task I am working on is extensive performance and scalability testing for a large Distributed .Net project.Our approach is to set up tests...
Read more 11/25/2003
Read more 11/14/2003
Read more 11/9/2003
I have been immersed in Code Access Security (CAS) this weekend as we ramp up .Net security for an ASP.Net/Enterprise Services (ES) project.This book...
Read more 10/30/2003
Tim Sneath has posted several excellentarticles/notesfrom the PDC Security Symposium held today. He may post more, but at this point, here are his...
Read more 10/23/2003
Read more 10/23/2003
Michael Howard, one of my favorite security guys, and co-author of Writing Secure Code, Second Edition, has a blog. Subscribed!
Read more 10/15/2003
Following up on my security emphasislately, the November, 2003 MSDN magazine is full of greatinformation on security. You candownload the HTML Help...
Read more 9/28/2003
This past week, I concluded my talk on Security Coding: Best Practices. This was a continuation of Part 1 that I started last week. In particular, I...
Read more 9/20/2003
This past week, I completed the first partof my talks on Security Coding: Best Practicesat my work place. I didn't get as much covered as I had hoped,...
Read more 9/20/2003
Read more 9/6/2003
I found this list of good Secure Coding resources on the MSDN Security section. Here is a summary of the list of articles:Getting StartedMSDN How-To...
Read more 9/5/2003
I was noticing John Lam's two posts this morning on .Net Security: Securing ASP.NET using Enterprise Services and Improving Web Application Security:...
Read more 8/18/2003
Read more 8/8/2003
A new book came out last month called Secure Coding: Principles and Practices. I am reading this now (just purchased today at SoftPro). It looks to...
Read more 6/25/2003
There are several Application Blocks from Microsoft lately, but the Configuration Management Application Block (released 6/24/2003) is one I have been...
Read more Pages: [1]
