Public Sector Developer Weblog

Microsoft Public Sector Developer and Platform Evangelism Team Blog. You can learn more about us at http://tinyurl.com/mspubsecdev.

Browse by Tags

Tagged Content List
  • Blog Post: Row Level Security for SQL Server 2008

    Update to this post from many moons ago! An important challenge for some public sector developers is providing label-based row level security in database-centric applications. Such systems require that classified and/or compartmented data be tagged with security labels and that access to data at...
  • Blog Post: SDL Developer Starter Kit - “Just Do It!”

    NOTE: This was cross posted from here . For those of you who haven’t heard of it, the Microsoft Security Development Lifecycle (SDL) is “A Microsoft-wide initiative and a mandatory policy since 2004, the SDL introduces security and privacy early and throughout the development process. Combining a holistic...
  • Blog Post: How to Videos: .NET Security Topics

    The MSDN folks have been releasing short "How to" videos over the past few months.  Recently they've released a series of "How Do I" Security videos for Developers of .NET Solutions.  They are nice and short and you can learn very simple things that you can do to make your...
  • Blog Post: Implementing SmartCard Authentication with ASP.NET

    This little nugget just landed in my inbox. Thanks to Jason for putting it together! http://choosing-a-blog-url-sucks.blogspot.com/2007/04/implementing-smartcard-authentication.html -Marc
  • Blog Post: AJAX Security

    Just about every time I do an ASP.NET AJAX presentation, someone asks me about some question about AJAX security. I always start of by saying, "I'm not an AJAX security expert, but I will do my best to answer your specifc questions..." Well, thanks to Joe Stagner , there are a bunch of upcoming AJAX...
  • Blog Post: SQL Server 2005 Label Security Toolkit

    As referenced at the 2006 PASS conference this week, the Label Security Toolkit for SQL Server 2005 can be downloaded here [update: the file is attached to this post too]. This toolkit demonstrates how to combine the capabilities of SQL Server 2005 to implement a label-based row and/or cell level security...
  • Blog Post: ASP.NET 2.0 Internet Security Reference Implemenattion

    I've been on vacation and doing some other things so I haven't blogged much lately. I've pretty much been "unplugged" for the majority of that time. I'm slowly catching up on reading others blogs, etc. and came across this on J.D. Meier's Blog . "The ASP.NET 2.0 Internet Security Reference Implementation...
  • Blog Post: Microsoft Security Summit East 2006

    Policy, Process, and Technology September 27-28, 2006 Washington DC On behalf of Microsoft Public Sector, we are pleased to invite you to the 11 th Microsoft Security Summit, “Policy, Process, and Technology ” on September 27 th and 28 th at the Washington Grand Hyatt in Washington DC. Our goal is to...
  • Blog Post: WCF Workshop Part 6 (Securing your Service Part 2 – Message Encryption)

    In Part 6 of the series, I’ve added to the security choices by showing how to do Message-Level (aka., Encryption) between the Service and Client. Unlike Transport-Level Security (or SSL over HTTP) which is point-to-point, Message-Level Security provides you with an option for end-to-end secure communications...
  • Blog Post: Web Service Software Factory Webcast

    I mentioned here that I hadn’t had the opportunity to get caught up on the progress with the Web Service Software Factory . I noticed Don Smith blog’d about a webcast he recently gave on this very subject. I just love screencasts and webcasts because they save me a heck of a lot of time that would have...
  • Blog Post: patterns & practices goes mobile

    "The Microsoft patterns & practices team has released the first Community Technical Preview (CTP) for the Mobile Client Software Factory. The factory will help architects and developers design and build mobile LOB solutions. The Mobile Client Software Factory will include a prescriptive architecture...
  • Blog Post: You MUST sign up for the Bi-weekly MSDN Flash

    Just check out the latest issue at http://msdn.microsoft.com/Flash/ This a bi-weekly newsletter that can be customized to the topics you are most interested in. Mine arrived this morning and contained info on the redesigned Windows Vista Developer Center . A pointer to a free book on Office 2007...
  • Blog Post: The importance of Evaluated Configuration: Windows Server 2003 vs SuSE EAL 4+ evaluations compared

    Very often in the world of check list-based decision making, subtlety is lost. The EAL evaluations of Windows Server and SuSE are great examples. Both are evaluated at EAL4+, so advantage: neither right? Not so fast. Have a look at this: http://www.microsoft.com/windowsserversystem/facts/analyses...
  • Blog Post: Microsoft Federal Architect Forum 06 content

    The content for the 2006 Microsoft Federal Architect Forum will be posted on Federaldeveloper.com (link is here: http://tinyurl.com/luawt ) For those who were able to attend, thank you! - Keith
  • Blog Post: Cryptograpy API: Next Generation (CNG)

    This just in from our Federal Security Program Manager Bill Billings: We recently posted new information on Cryptography API: Next Generation (CNG) API within MSDN. CNG is the long-term replacement for the CryptoAPI and is designed to be extensible at many levels and cryptography agnostic in behavior...
  • Blog Post: Upcoming Northern Virginia SQL Server Users Group meeting

    I just noticed the latest announcement and figured I would share. Here are the highlights: Title – Best Practices for Securing and Auditing SQL Server 2005 http://www.novasql.com/presentations.htm Speaker – Jeremy Gaige, Systems Engineer of Idera Date and Time – Monday, April 24, 2006...
  • Blog Post: MSDN & TechNet Virtual Labs

    We've blogged about the Virtual Labs before, but the content keeps growing. I figured a friendly reminder wouldn't hurt. You'll find labs on ASP.NET 2.0, Visual Studio 2005 (including Team System), SQL Server 2005, BizTalk Server 2006, Window Communication Foundation, Windows Workflow Foundation, Smart...
  • Blog Post: SQL Server 2005 -- Tools for row and cell level security

    As if you needed more reasons to start using SQL Server 2005, we've got another big one! You may have seen links we posted on implementing row level security in SQL Server 2005 in previous posts . Now we are making available a toolkit for easily applying this design in your database. The toolkit comes...
  • Blog Post: 2 downloads on Threat Modeling

    What is Microsoft Application Threat Modeling (Hi-Res Video) Brief Description: A video introducing the Microsoft Application Threat Modeling process. Microsoft Threat Analysis & Modeling v2.0 BETA2 Brief Description: Threat modeling to empower application risk management. - Keith
  • Blog Post: Secure Software Forum -- Workshop series

    The Secure Software Forum is conducting a Workshop Series over the next few months. During these events they will discuss best practices for implementing security early in the software application lifecycle and participants will learn specific techniques that can be used to uncover and resolve security...
  • Blog Post: ASP.NET 2.0 Security Guidance

    I just saw an email from JD via Brian that provided a single list of all the ASP.NET 2.0 Security Guidance work they've produced in recent months...it's an impressive list which I thought was valuable to share: Key Recommendations/Guidelines: ASP.NET 2.0 Security Guidelines: http://msdn.microsoft...
  • Blog Post: Security episode of The Code Room

    The latest edition is now online...check it out at: http://www.thecoderoom.com/vegas/ -Darryl
  • Blog Post: InfoCards for user-centered identity

    Here's a teaser video that introduces InfoCards -- a newly announced solution to deal with the problem of identity on the Internet. http://msdn.microsoft.com/msdntv/episode.aspx?xml=episodes/en/20060209InfoCardKC/manifest.xml See Kim's blog at http://identityblog.com/ for more good info. -Darryl
  • Blog Post: Web Services Security Webcasts

    Keith blogged about the Web Service Security Guide earlier. Don Smith just blogged about a series of webcasts based on this guide. The first one titled Securing Web Services with X.509 Certificates in WSE 3.0 was recorded and you can find it here . There are two more coming up titled Securing Web Services...
  • Blog Post: Configuring ClickOnce Trusted Publishers

    First, thank you to everyone who attended the DC Launch. A few people asked about how to configure ClickOnce trusted publishers after the Smart Client session at the DC Launch. My co presenter, Brian Noyes, has an article over on MSDN that walks you through the concept and configuration process. I had...
Page 1 of 2 (42 items) 12