As promised, here is the recording of MSDN Canada Writing Secure Code Fundamentals Virtual Conference. 

Enjoy the recording and I hope to see you at our next online Security sessions on October 18th, 2006.  This will be the first of eight, one hour monthly security sessions.  I am excited about the next session as it will provide you the knowledge and a demonstration of various tools that one can use to do preliminary testing to verify if an application written by an outside firm is in fact secure. 

When you ask someone if their application is secure, the answer is always yes.  Seriously, do you really think any one will say no?  Of course not as they just lost that sale and most likely future revenue.  So what is the incentive to say either "no" or "I do not know"?  Therefore, how do you really know if any application is secure if you are not going to do some preliminary security testing. 

Don't get trapped into what you want to hear whether it is true or not.  This just leads to a false sense of security and you might as well continue sticking your head in the sand.

Below is the thought process that occurs when you ask someone if their application is secure:

public static void main()


Console.WriteLine("Is App Secure: 1=Yes 2=No 3=Not Sure");
Console.Write("Please enter your selection: ");

string s = Console.ReadLine();

int n = int.Parse(s);
int revenue= 0;


case 1:
revenue+= 25,000;

case 2:
revenue+= 0; //oh wait no revenue...just kidding...
goto case 1; //therefore say yes

case 3:
revenue+= 0; //oh wait no revenue...just kidding...
goto case 1; //therefore say yes

revenue+=0; //go for the revenue
goto case 1; //this is the answer everyone wants to hear break;


if (revenue!= 0)
Console.WriteLine("Thank you for your business and of course the {0} dollars. Oh and you can Trust Me too!!",revenue);



You can register for the October 18th on-line event here.