On June 20th, we will be putting on a webcast entitled " The Microsoft Security Development Lifecycle (SDL) - Continuous Improvement and Demonstrated Results ". The Security Development Lifecycle is a process that is constantly evolving and has two main...

While surfing the Web, I came across the following article written by Michael Howard. The article really resonated for me because it covered the following points: Using analysis tools and experts to review your code (which can be accomplished...

As you can tell, there is a lot of activity going on with regards to Windows Vista. On May 23rd, we will be running a webcast entitled " Writing Secure Applications for Windows Vista ". Here is an abstract of the presentation: Have you tested your application...

Kenny Kerr is our guest blogger this month. Here is his bio: Kenny Kerr is a founding employee and Chief Software Architect at PlateSpin Ltd. where he designs and builds new products and helps drive the technical direction for PlateSpin’s market-leading...

Rodney Buike , my counterpart on the IT Pro team has set up a security webcast series which may be interesting to you. Here is a description of the series and the events: With every new OS release security is improved and refined and with Windows Vista...

Be sure to check out our latest security webcast this Wednesday. Here is the abstract: ASP.NET AJAX is a powerful framework for creating interactive and highly-personalized Web experiences that work across all the most popular browsers. Like any other...

Unfortunately, right at the very end of today's Webcast we experience a small technical difficulty with the on-line evaluation form. If you were not able to fill out the evaluation and you attended today's session can you please do so now, here . The...

Kevin Lam (Redmond, Washington) [Guest Blogger] Thoughts on Code Scanning Tools Information managers, developers and testers commonly make the mistake of seeing code scanning tools as replacement for security QA processes. As a result they get a false...

As promised, here is the recording of MSDN Canada Writing Secure Code Fundamentals Virtual Conference. Enjoy the recording and I hope to see you at our next online Security sessions on October 18th, 2006. This will be the first of eight, one hour monthly...

As I start investigating the use of AJAX technology for new or existing Web Applications there are some major concern around Security that arises. The good news is—for the most part--securing AJAX enabled Web Applications is very similar to securing traditional...

Wow! It was great to see such a high attendance and have it be sustained through three sessions and four hours in total. The three sessions were: Hacking Revealed presented by Dan Sellers (me) Mitigation and Detection by Kevin Lam Threat...

It still amazing in this day and age how many Security Professionals, Developers and Architect still believe in the Silver Bullet and automatically accept an Application is Secure becomes someone says it is. The quick and easy way out does not work when...

Dana Epp (Chilliwack B.C.) [Guest Bloggers] Security Myth: Only Large Teams Can Write Secure Code If you ask me, one of the biggest fallacies of writing secure code is that you can only accomplish it when you work in large teams and have bigger...

Tatiana Zamachnaia (Ottawa) [Guest Bloggers] Security Paranoia Revisited: Do Not Trust Even Gurus My latest consulting gig called for a reporting solution. I tried the GridView and other ASP.NET 2.0 controls but this solution needed a custom ASP...

The one topic that I get asked to talk about frequently is Encrypting Data with SQL Server 2005. Personally, I am very impressed with the build-in encryption support provided in SQL Server 2005, but one of my favorite and what appears to be a subtle Security...

To continue upon the success of last year MSDN Canada Security Webcasts we have raised the level up a notch or two this year. This year will consist of two Virtual Conferences and eight Security Webcasts titled "Security Chalk Talk" occurring monthly...

The ASP.NET User Principal (HTTPContext.User) clearly depends upon the Authentication Mechanism that you selected in IIS 6.0 "Authenication Tab" and if you use Integrated Windows Authentication then it is dependant on the IIS impersonation token that...

The one area that many developers do not have good grasp at is how Authentication tokens from IIS 6.0 is passed to ASP.NET 2.0 and how these tokens can subsequently be used for Authorization in an ASP.NET 2.0 Web Application. The one question that...

Welcome to this new blog dedicated 100% to Security for Canadian Developers. This blog will feature posts on a wide variety of helpful information that Developers should know to help make your applications more secure. Helping me this year will be...