
March 2006 - Posts

Regulatory Compliance: An Introduction to Compliance for Developers

With ever-increasing regulatory requirements for organizations, many of the applications we write may need to meet certain compliance requirements. Here is an interesting read for developers: Regulatory Compliance Demystified: An Introduction to Compliance for
Posted by dansellers | 0 Comments

SQL Server 2005 Security for Developers Webcast for on-demand viewing is available

The Webcast of SQL Server 2005 for Developers, conducted on March 22, 2006, by Rob Walters--Program Manager, SQL Server Security--and me, is now available for on-demand viewing. Post Notes from this Webcast can be found at my blog. Look forward
Posted by dansellers | 1 Comments

"Atlas" March CTP with Go Live license, now available

At MIX06, it was announced that the "Atlas" March CTP is now available and that it has a Go Live license, so you can take applications into production. The Atlas team also re-launched http://atlas.asp.net/ with a new "Atlas" enabled experience, customer
Posted by dansellers | 0 Comments

Regenerating Keys in SQL Server 2005

In my latest Webcast on SQL Server 2005 Security one of the questions that came up was: “If some fields of your table are encrypted and you are suspicious that the key has been revealed can you re-encrypt all the fields with the regenerated key”? Currently,
Posted by dansellers | 1 Comments

Post Webcast’s Notes: Securing SQL Server 2005 for Developers

This morning's session was jam-packed, covering a lot of the changes made in Microsoft SQL Server 2005. Over the last few weeks we talked exclusively about front-end security issues such as input trust and the creation of a Development and Design environment
Posted by dansellers | 4 Comments

realDEVELOPMENT_06 tour is Coming!

Earlier this week, MSDN Canada announced the realDEVELOPMENT_06 tour. realDEVELOPMENT_06 will feature two sets of sessions; one entitled, "Web Platform" and the other entitled, "Security on the Brain". The Web Platform Sessions will feature talks on technologies
Posted by dansellers | 0 Comments

IOSEC and Anti-Cross Site Scripting Tool

Recently, Microsoft released the latest update to the Anti-Cross Site Scripting tool, which is part of a bigger plan known as the Microsoft IOSEC—an internal library. The IOSEC library currently implements encoding protection against XSS attacks conducted
Posted by dansellers | 0 Comments

Code Scanning Tools' WebCast for on-demand viewing is available

The Visual Studio 2005 and Code Scanning Tools Webcast, conducted on March 15, 2006, by Kevin Lam and me, is now available for on-demand viewing. Look forward to seeing everyone for next week's webcast.
Posted by dansellers | 0 Comments

Team Foundation Server Ships Tomorrow

You may not have heard it here first, but Rick LaPlante announced today, at SDWest 2006, that Microsoft is releasing Visual Studio 2005 Team Foundation Server tomorrow—March 17, 2006. This was reported in Rob Carron’s blog. Team Foundation Server should
Posted by dansellers | 1 Comments

The New Beta Experience: This is really cool!!!

The Beta Experience is the new testing platform with tailor-made information for Microsoft developers. By registering to the Beta Experience you will be provided with the opportunity to download or order the latest Beta versions of Microsoft software
Posted by dansellers | 0 Comments

Speaking at VSLive and 10% Discount for VSLive Registration

This year I will be speaking at VSLive in Toronto. VSLive will be held at the Toronto Congress Centre from April 24-27, 2006. I will be doing one of my favorite talks on the last day of the event titled: "Developing Advanced Custom Providers for ASP.NET
Posted by dansellers | 0 Comments

Webcast's Post Notes: Visual Studio 2005 and Code Scanning Tools

In today’s webcast we had the opportunity to explore in depth the buffer overrun attack, which is considered one of the worst vulnerabilities that exist. Any code that is written in C or C++--without proper security code reviews--on any platform is susceptible
Posted by dansellers | 2 Comments

Making Your Application a Windows Vista Application: The Top Ten Things to Do

Back in December 2005, Microsoft created a series on the top ten things to do to make your applications Vista applications. The original article can be seen here! Since then there have been additional articles, with the latest one being released this month
Posted by dansellers | 1 Comments

Oops!!! SecurePasswordTextBox Update now Available

After last week's WebCast--in which I talked about the new System.Security.SecureString class as well as the cool SecurePasswordTextBox that Paul Glavs wrote--he experienced a sudden increase in downloads. You can read about it here! Recently, Paul has
Posted by dansellers | 0 Comments

ASP.NET 2.0 and the new HTTP-only property

To minimize the threat of Cross Site Scripting attacks, ASP.NET 1.1 introduced ValidateRequest="true" on the @ Pages element. Recently, Microsoft improved HttpUtility.HtmlEncode with the new Anti-XSS tool. But another subtle and equally important
Posted by dansellers | 1 Comments

Least Privilege Development in Microsoft Windows Vista

In my last Webcast on Least Privilege I alluded to the fact that this was going to change with the release of Windows Vista. In fact, it is going to change significantly. Here is a white paper that provides an understanding of User Account Protection (UAP)
Posted by dansellers | 1 Comments

Thoughts on Security Analogies

I thought I would share Michael Howard's recent blog on "Security Analogies are Wrong". I agree with Michael's take on Security Analogies, as I hear them all the time, but I thought his post was hilarious as he turns the tables with his counter analogy:
Posted by dansellers | 1 Comments

On Demand WebCast: Least Privilege Development and New System.Security Features

The latest Webcast, "Least Privilege Development and New System.Security Features", which is part two of a five-part series examining the new security features and tools incorporated in Visual Studio 2005 and .NET Framework 2.0, is now ready for on-demand
Posted by dansellers | 0 Comments

Microsoft Threat Analysis & Modeling tool v 2.0 (Beta 2)

Today Microsoft released Beta 2 of the second version of the Threat Modeling and Analysis Tool for download. Microsoft has been using the Threat Modeling methodology as part of our Security Development Lifecycle for a few years now. Threat Modeling is
Posted by dansellers | 1 Comments

Answer to the Trivial Question

The answer to the trivial question from my blog based upon the March 8, 2006 WebCasts “Least Privilege Development and New System.Security Features” is below: Question: The KeyInfo element can consist of either a <KeyName/> or a <RetrievalMethod/>
Posted by dansellers | 0 Comments

Developing as Non Admin with Admin Access on a Server

Here is another cool trick for running as Non Admin that was shared with me by Aaron and works like a charm. The scenario is that you require Administrative privileges on an IIS Server but you still want to develop and design as non-admin on your local
Posted by dansellers | 0 Comments

WebCast's Notes: Least Privilege and New System.Security Features

In today’s Webcast we started off with a continuation from last week. Last week we explored how to set up a development and design environment that closely emulates your production environment to make your testing more effective and efficient. This
Posted by dansellers | 6 Comments

Microsoft Updated Anti-XSS Tool

In a recent post I mentioned that Microsoft released a new Anti-Cross Site Scripting Tool. However, at the time the library only worked with ASP.NET 2.0 applications. Today, the Library has been updated and now works with .NET Framework 1.0, 1.1 and 2.0.
Posted by dansellers | 0 Comments

Input Validation in ASP.NET? Bug or Not?

Recently I was pinged by a colleague in the security field who asked me why the Regular Expression Validator was not validating against Null values in an ASP.NET control. I was able to reproduce the same behaviour on both Visual Studio
Posted by dansellers | 2 Comments

Partial Trust Development WebCast's Recording is now available for on-demand viewing

Last Wednesday--March 1, 2006--I delivered part one of my five-part WebCast series on the new tools and Security features in Visual Studio 2005 or .NET Framework 2.0. The recording of Part one--Partial Trust Development--is now available for viewing
Posted by dansellers | 0 Comments

Least User Privilege WhitePaper Released

This Wednesday--March 8, 2006--I will be doing part two of my five-part Webcast series on some of the tools and security features incorporated into either Visual Studio 2005 or the .NET Framework 2.0. As a prequel to this week's webcast--Least Privilege and new
Posted by dansellers | 0 Comments

Plumbers@Work Episode #4 is now recorded and available

Our fourth episode of Plumbers@Work is now online for your listening pleasure. Show Notes: Introduction; News Bytes: Renaming of Office "12" to Office 2007; News Bytes: Release Date for Team Foundation Server (TFS); News Bytes: WSCF 0.6; Developer Destination:
Posted by dansellers | 0 Comments

Microsoft Security Initiatives--Objective Point of View

I have known and respected Dana Epp for over 3 years now. The one thing I can say about Dana is that he will always say it like he sees it, which is one reason I always value his feedback and opinion. When it comes to Security I can count on him to say
Posted by dansellers | 0 Comments

Regular Expression: The Theory behind it!

When it comes to validating input, regular expressions become a very important part of your security plan. On a side note, ensure your regular expressions take an Acceptance-List approach and not a Deny-List approach to validation, as mentioned in a previous
Posted by dansellers | 1 Comments

WebCast NOTES: Partial Trust Development with Visual Studio 2005

On Wednesday March 1, 2006 I conducted part one of a five part series titled “Security on the Brain”. The goal of this series of WebCasts is to examine some of the tools and security features that have been incorporated into either the .NET Framework
Posted by dansellers | 3 Comments
 