Welcome to MSDN Blogs Sign in | Join | Help

February 2006 - Posts

Monday, February 27, 2006 9:43 PM

ASP.NET 2.0 Security Training Modules and Videos!!!

The ASP.NET 2.0 and security team has released excellent training modules on APS.NET 2.0 security, including labs, modules and videos. This covers such topics as XSS, SQL Injection and much more at: http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.SecurityTrainingModules
Posted by dansellers | 2 Comments
Filed under:
Monday, February 27, 2006 9:14 PM

Cool ASP.NET 2.0 RSS Toolkit Released!

I just finished creating a web site that receives RSS feeds by using the ASP.NET 2.0 toolkit created by Dmitry of the ASP.NET Team. If you need to consume or expose RSS feeds then you need to test drive the toolkit. It also comes with source code. Also
Posted by dansellers | 0 Comments
Saturday, February 25, 2006 10:07 PM

The Code Room: BREAKING INTO VEGAS!

The Code Room is online ½ hour TV show focusing on developers and the programming challenges that they face. The latest show, in a very, very cool way, will demonstrate the impact of a hacked environment (a casino in the show) that has been penetrated
Posted by dansellers | 4 Comments
Filed under: ,
Thursday, February 23, 2006 3:10 PM

Microsoft Release new Anti-XSS tool

Microsoft just released a new Anti-XSS tool that works with .NET Framework 1.0, 1.1 and 2.0. Anytime you echo user input back to the Web Page you are susceptible either persistent or non-persistent cross site scripting attacks . You can download the tool
Posted by dansellers | 11 Comments
Filed under:
Thursday, February 23, 2006 1:46 PM

SECURITY ON THE BRAIN Webcast Series

Wow! We currently have 1800 people registered for Security on the Brain Webcasts . There is still room, so if you want to learn more about developing secure software using Visual Studio 2005 and .NET Framework 2.0 then these five sessions for one hour
Posted by dansellers | 0 Comments
Filed under:
Thursday, February 23, 2006 11:20 AM

RSA 2006: Secure Software is up to Business

One of the themes discussed at RSA 2006 was Secure Software. Secure software is up to businesses and most businesses are not doing enough to build and buy securely written software, according to a panel of corporate security executives, academics and
Posted by dansellers | 0 Comments
Filed under:
Thursday, February 23, 2006 12:12 AM

Windows Vista and WinFX February CTP just released!

The February CTP for Windows Vista, Windows SDK (and WinFX) and Orcas technologies such as Cider have been released on the Windows Vista and WinFX Dev Centers. http://msdn.microsoft.com/windowsvista http://msdn.microsoft.com/winfx After working with Windows
Posted by dansellers | 0 Comments
Wednesday, February 22, 2006 12:02 AM

Snippy—a cool UI tool for building Code Snippets

As I mentioned in my last blog entry I think Code Snippets is one my favorite features in Visual Studio 2005. However, I found creating snippets by marking up XML—at times—can be cumbersome until now that is! Snippy is a simple but cool UI tool for building
Posted by dansellers | 0 Comments
Filed under:
Tuesday, February 21, 2006 11:42 PM

New C# Code Snippets for Visual Studio 2005

I would have to rank Code Snippets as one of my favorite features added to Visual Studio 2005. But the code snippets that were initially available only for Visual Basic developers can now be downloaded for C# developers as well at: http://msdn.microsoft.com/vstudio/downloads/codesnippets/default.aspx
Posted by dansellers | 0 Comments
Filed under:
Tuesday, February 21, 2006 11:22 PM

MSDN Forums Integrated with Visual Studio 2005

If you have been using Visual Studio 2005 at least once you will have probably noticed that the Start Page has changed and receives RSS feeds from http://msdn.microsoft.com for WebCasts. Further yet if you have not noticed there is also a new menu called
Posted by dansellers | 0 Comments
Filed under:
Tuesday, February 21, 2006 10:34 PM

Where are the Security Configuration Tools in .NET Fx 2.0?

When I recently installed only the v2.0 .NET redist package, I noticed that the .NET Configuration MMC was MIA and the only tool available was Caspol. Therefore, after some research I noticed with .NET Fx 2.0 many of the Security tools were moved to the
Posted by dansellers | 1 Comments
Filed under:
Tuesday, February 21, 2006 10:04 PM

DACL guidance to writing Services

If you are writing Services for Windows then you need to read the just released Microsoft Knowledge Base article on Best Practices and Guidance for writers of Service discretionary access control lists. Service discretionary access control lists (DACLs)
Posted by dansellers | 0 Comments
Filed under:
Tuesday, February 21, 2006 8:25 PM

ASP.NET How Do I Video Series

The ASP.NET team created some high quality video series on ASP.NET 2.0 – the How Do I video series. It covers many of the common tasks and many of the productivity benefits of the platforms in short 15 minute digestable videos. This is a great resource
Posted by dansellers | 2 Comments
Sunday, February 19, 2006 1:11 AM

Web-Security v1.1 is now a Standard

The OASIS group has officially approved WS-Security v1.1 as a standard. Check out the official release from OASIS here
Posted by dansellers | 0 Comments
Filed under:
Thursday, February 16, 2006 9:18 PM

Data Validation—Deny-list or Approve-list approach?

I think by now we all know that all data input from a Web UI should be considered evil until validated. We also know that data validation performed strictly on the client is not really there for security but rather better responsiveness to the End-Users
Posted by dansellers | 4 Comments
Filed under:
Thursday, February 16, 2006 7:55 AM

Sharing Forms Authentication between ASP.NET 1.1 and ASP.NET 2.0 Applications

As you start shifting from ASP.NET 1.1 to ASP.NET 2.0 development there may be instances where you want to be able to share Authentication cookies between different versions of your ASP.NET Web Sites. Due to another subtle security changes made to Forms
Posted by dansellers | 0 Comments
Filed under: ,
Wednesday, February 15, 2006 1:48 AM

Windows OneCare Live--Get the Beta

It is hard to believe but approximately 70% of home computers are not using any software Firewall protection--such as the one that comes with Windows XP SP 2--or even any anti-virus software. And of course we can easily conclude that these home computers
Posted by dansellers | 0 Comments
Filed under:
Wednesday, February 15, 2006 12:34 AM

Change to ASP.NET 2.0 Forms Authentication Persistent Cookies

I have already highlighted some of the subtle security and migration issues with .NET Framework 2.0 such as: SN tool work with PFX Files Safe CRT Libraries This time, however, I will talk about a third subtle change which is to do with the cookie expiration
Posted by dansellers | 1 Comments
Filed under: ,
Tuesday, February 14, 2006 4:41 PM

Windows Defender Beta 2 is now Out

Microsoft Windows Defender Beta 2 is a spyware protection program that I have personally been using on few computers for serveral months now. I like how it automatically updates itselfs and how, for the most part keeps on running smoothly in the back
Posted by dansellers | 1 Comments
Filed under:
Tuesday, February 14, 2006 4:31 PM

SN v2.0 Works With PFX Files

.NET Framework 2.0 sn tool has the ability to work with PKCS #12 PFX files in addition to SNK files. This offers the benefit of having your keys stored in encrypted format rather than the standard plain text. You can get more detailed information from
Posted by dansellers | 1 Comments
Filed under:
Monday, February 13, 2006 10:13 PM

Plumbers@Work Episode 3 hits the street

We just finished out third episode of Plumbers at Work Episode 3 for your listening pleasures. Show Notes: Introduction Around the Horn with the Plumbers Security March with Dan Sellers Microsoft Blacklisted C++ Libraries SHA-1 Discussion Team Foundation
Posted by dansellers | 0 Comments
Filed under:
Monday, February 13, 2006 9:58 PM

Visual Studio 2005 Safe C and C++ (Safe CRT) Runtime Library

When Visual Studio 2005 was released in November 2005 there were many features announced and talked about extensively. However, I found one piece that was overlooked was the major changes made to the C and C++ Runtime Library to improve Security in your
Posted by dansellers | 2 Comments
Filed under:
Monday, February 13, 2006 9:48 PM

IIS and Multiple Version of .NET Framework

I have seen this question in forums as well as many emails on how to configure two versions of the .NET Framework to work with IIS for different sites. I thought I would share the steps outline below that someone wrote: Install both versions of the Frameworks
Posted by dansellers | 1 Comments
Filed under:
Monday, February 13, 2006 9:42 PM

Security on the Brain

Are you interested in Security from a Developer prespective then check out the new MSDN Canada Security on the Brain Web Site. This site is dedicated to provide the lastest information on Security for Developers as well as upcoming events such as the
Posted by dansellers | 1 Comments
Filed under:
Friday, February 10, 2006 9:20 AM

ASMX 2.0, WSE 3.0 and WCF

Web Services were enhanced with the release of .NET Framework 2.0 and then came along WSE 3.0 in December 2005 and in January 2006 Microsoft announced GO-LIVE licensing for Windows Communication Foundation (formerly known as Indigo). If you are confused
Posted by dansellers | 0 Comments
Filed under:
Friday, February 10, 2006 8:09 AM

.NET Pet Shop 4

.NET Pet Shop 4 sample application has now been released to the MSDN. It worthwhile looking at this application as it discusses how the application was migrated from ASP.NET 1.1 as well as highlighting the best practices for building n-tier ASP.NET 2.0
Posted by dansellers | 1 Comments
Filed under:
Wednesday, February 08, 2006 10:25 PM

Crypto Key Length

I got this from Michael Howard's Blog and it is a cool web app that provides recommended key length to achieve adequate protection for your application to a specific number of years. http://www.keylength.com
Posted by dansellers | 0 Comments
Filed under:
Tuesday, February 07, 2006 5:09 PM

Visual Studio Add-In That Converts C# Code To Visual Basic

The one question that I get asked quite often is how can I convert some C# code to Visual Basic or vice versal. Normally I point people off of my favorite site such as: http://www.carlosag.net/Tools/CodeTranslator/Default.aspx . But I was really impressed
Posted by dansellers | 0 Comments
Tuesday, February 07, 2006 4:42 PM

DevTeach -- International Developer Conference (Montreal)

This year I will be presenting two Security related talks at DevTeach in Montreal, Canada. DevTeach stands for Developer Teaching and will be held from May 8-12, 2006. The 2006 sessions' lineup is now complete. .NET General Web Development Smart Client
Posted by dansellers | 2 Comments
Tuesday, February 07, 2006 4:05 PM

VSLive Toronto

Microsoft Canada will be sponsoring VSLive in Toronto for the third straight year. This year VSLive will be from April 24-27, 2006 and our super early bird and early bird registration are still open. Super Early Bird Discount (register by February 15,
Posted by dansellers | 1 Comments
Tuesday, February 07, 2006 4:01 PM

Launch of the new MSDN Canada Security Page

The MSDN team would like to announce the launch of its new MSDN Canada Home Page Home Page : A new design created to provide more relevant content for Canadian developers. The home page features Local Headlines (RSS) displayed on both MSDN.CA and MSDN.COM.
Posted by dansellers | 1 Comments
Tuesday, February 07, 2006 2:01 PM

Team Foundation Server RC1 is Live

The Team Foundation Server Release Candidate bits including upgrade utilities are now available for download worldwide from the MSDN Subscriber Downloads To upgrade from Beta3 Refresh to RTM, please follow these steps: Backup your server and copy the
Posted by dansellers | 1 Comments
 
Page view tracker