The ASP.NET 2.0 and security team has released excellent training modules on APS.NET 2.0 security, including labs, modules and videos. This covers such topics as XSS, SQL Injection and much more at: http://channel9.msdn.com/wiki/default.aspx/SecurityWiki...

I just finished creating a web site that receives RSS feeds by using the ASP.NET 2.0 toolkit created by Dmitry of the ASP.NET Team. If you need to consume or expose RSS feeds then you need to test drive the toolkit. It also comes with source code. ...

The Code Room is online ½ hour TV show focusing on developers and the programming challenges that they face. The latest show, in a very, very cool way, will demonstrate the impact of a hacked environment (a casino in the show) that has been penetrated...

Microsoft just released a new Anti-XSS tool that works with .NET Framework 1.0, 1.1 and 2.0. Anytime you echo user input back to the Web Page you are susceptible either persistent or non-persistent cross site scripting attacks . You can download the tool...

Wow! We currently have 1800 people registered for Security on the Brain Webcasts . There is still room, so if you want to learn more about developing secure software using Visual Studio 2005 and .NET Framework 2.0 then these five sessions for one hour...

One of the themes discussed at RSA 2006 was Secure Software. Secure software is up to businesses and most businesses are not doing enough to build and buy securely written software, according to a panel of corporate security executives, academics and...

The February CTP for Windows Vista, Windows SDK (and WinFX) and Orcas technologies such as Cider have been released on the Windows Vista and WinFX Dev Centers. http://msdn.microsoft.com/windowsvista http://msdn.microsoft.com/winfx After working...

As I mentioned in my last blog entry I think Code Snippets is one my favorite features in Visual Studio 2005. However, I found creating snippets by marking up XML—at times—can be cumbersome until now that is! Snippy is a simple but cool UI tool for building...

I would have to rank Code Snippets as one of my favorite features added to Visual Studio 2005. But the code snippets that were initially available only for Visual Basic developers can now be downloaded for C# developers as well at: http://msdn.microsoft...

If you have been using Visual Studio 2005 at least once you will have probably noticed that the Start Page has changed and receives RSS feeds from http://msdn.microsoft.com for WebCasts. Further yet if you have not noticed there is also a new menu called...

When I recently installed only the v2.0 .NET redist package, I noticed that the .NET Configuration MMC was MIA and the only tool available was Caspol. Therefore, after some research I noticed with .NET Fx 2.0 many of the Security tools were moved to the...

If you are writing Services for Windows then you need to read the just released Microsoft Knowledge Base article on Best Practices and Guidance for writers of Service discretionary access control lists. Service discretionary access control lists...

The ASP.NET team created some high quality video series on ASP.NET 2.0 – the How Do I video series. It covers many of the common tasks and many of the productivity benefits of the platforms in short 15 minute digestable videos. This is a great resource...

The OASIS group has officially approved WS-Security v1.1 as a standard. Check out the official release from OASIS here

I think by now we all know that all data input from a Web UI should be considered evil until validated. We also know that data validation performed strictly on the client is not really there for security but rather better responsiveness to the End-Users...

As you start shifting from ASP.NET 1.1 to ASP.NET 2.0 development there may be instances where you want to be able to share Authentication cookies between different versions of your ASP.NET Web Sites. Due to another subtle security changes made to Forms...

It is hard to believe but approximately 70% of home computers are not using any software Firewall protection--such as the one that comes with Windows XP SP 2--or even any anti-virus software. And of course we can easily conclude that these home computers...

I have already highlighted some of the subtle security and migration issues with .NET Framework 2.0 such as: SN tool work with PFX Files Safe CRT Libraries This time, however, I will talk about a third subtle change which is to do with the...

Microsoft Windows Defender Beta 2 is a spyware protection program that I have personally been using on few computers for serveral months now. I like how it automatically updates itselfs and how, for the most part keeps on running smoothly in the back...

.NET Framework 2.0 sn tool has the ability to work with PKCS #12 PFX files in addition to SNK files. This offers the benefit of having your keys stored in encrypted format rather than the standard plain text. You can get more detailed information from...

We just finished out third episode of Plumbers at Work Episode 3 for your listening pleasures. Show Notes: Introduction Around the Horn with the Plumbers Security March with Dan Sellers Microsoft Blacklisted C++ Libraries...

When Visual Studio 2005 was released in November 2005 there were many features announced and talked about extensively. However, I found one piece that was overlooked was the major changes made to the C and C++ Runtime Library to improve Security in your...

I have seen this question in forums as well as many emails on how to configure two versions of the .NET Framework to work with IIS for different sites. I thought I would share the steps outline below that someone wrote: Install both versions...

Are you interested in Security from a Developer prespective then check out the new MSDN Canada Security on the Brain Web Site. This site is dedicated to provide the lastest information on Security for Developers as well as upcoming events such as the...

Web Services were enhanced with the release of .NET Framework 2.0 and then came along WSE 3.0 in December 2005 and in January 2006 Microsoft announced GO-LIVE licensing for Windows Communication Foundation (formerly known as Indigo). If you are confused...