Welcome to this new blog dedicated 100% to Security for Canadian Developers. This blog will feature posts on a wide variety of helpful information that Developers should know to help make their applications more secure.
Helping me this year will be a team of Security Matter Experts consisting of Architects and Developers who work in the Canadian software industry. Currently, I also have my original blog, which contains a lot of helpful information on security as well as other topics. After listening to your feedback, I felt it was necessary to create this new blog to make it easier to find security-related information from myself and my team of Security experts.
In fact, my next post will be on IIS 6.0 and ASP.Net 2.0. The reason I picked this for my first topic is that I am surprised by the number of people who believe that running IIS 6.0 in an application pool with a low-privilege account will prevent hacks against Web Applications. I wish security was that easy and this was the silver bullet everyone is searching for to prevent Web attacks. Now obviously, you want to use a low-privilege account, but we need to do a lot more in terms of how we do input validation and what credentials are being passed between IIS 6.0 and our ASP.Net 2.0 applications. Stay tuned for my next blog post, which will cover this topic in a lot more detail.