patterns & practices Security Videos

We did a focused set of security videos with Keith Brown a while back.  The problem is they're not very findable (most customers I talk to aren't aware of them).  I added them to soapbox and listed them below to see if it helps (note soapbox may prompt you to log in):

Input and Data Validation Videos

They're designed to help you get key concepts behind some of our security guidance.   I also wanted to use somebody that was recognized in the field as somebody you could trust.  Keith's proven himself for a long time in the security community.  He also has the aura of an experienced trainer, which I think comes across in these videos.

Published 24 March 07 12:31 by J.D. Meier

Comments

# Internet Security and Programming » Blog Archive » patterns & practices Security Videos said on March 24, 2007 1:16 PM:

PingBack from http://thanadon.com/news/patterns-practices-security-videos.html

# Mike Lucas said on March 24, 2007 3:57 PM:

It doesn't help. Despite the fact that I have been watching MSDN webcasts for ages using my passport ID, I am not allowed into the site. Strangely if I try to get added to the registration database I am told that the email address is already in use.

# Kris said on March 24, 2007 5:56 PM:

I think sharing these kinds of videos via Soapbox is silly to say the least. Why don't you host these on, say, Channel 9 or some place on MSDN? I am not complaining about logging in, but wouldn't it be nice to find these at one known place rather than strewn all over the net? And least of all I would not want to go to Soapbox from my work place.

# J.D. Meier said on March 24, 2007 8:20 PM:

Kris - They've been hosted on channel9 for over a year: http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.InputValidationTrainingModules

I would like to see them on MSDN.

# J.D. Meier said on March 24, 2007 8:21 PM:

Mike - I'm not sure what the soapbox issue is, but here's an alternative:

* Paths, URLs, and Canonicalization: http://mylabs.members.winisp.net/videos/canonicalization.wmv

* Cookies and Tamper Detection: http://mylabs.members.winisp.net/videos/cookies.wmv

* Cross Site Scripting: http://mylabs.members.winisp.net/videos/crosssitescripting.wmv

* Regular Expressions: http://mylabs.members.winisp.net/videos/regex.wmv

* SQL Injection: http://mylabs.members.winisp.net/videos/sql_injection2.wmv

* ASP.NET Validation Controls: http://mylabs.members.winisp.net/videos/validation.wmv

# Rui Quintino said on March 25, 2007 5:15 PM:

Just to drop a small note.

I never see any reference to using Page.IsValid on server postback handlers. It's mandatory for server validation! So, you don't have any kind of security without page.isvalid! In fact I have my doubts that that particular web cast is going to the server for validation as mentioned by Keith.

I've said it before and I will say it again... it's confusing for developers to have to check this and it should be done by the framework, or there should be a warning of some kind.

From http://msdn.microsoft.com/msdnmag/issues/05/11/securewebapps/

"...(just make sure to always enforce server-side validation by calling Page.IsValid)..."

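Added example (not from the videos or from any commenter): a minimal ASP.NET Web Forms code-behind illustrating the point in the comment above, that a postback handler still runs after a server-side validator fails unless it checks Page.IsValid. The class, control and method names are hypothetical, and the markup in the comment is assumed.

```csharp
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

// Assumed markup for this hypothetical page (Inherits="OrderPage"):
//   <asp:TextBox ID="ZipCode" runat="server" />
//   <asp:RegularExpressionValidator runat="server" ControlToValidate="ZipCode"
//        ValidationExpression="^\d{5}$" ErrorMessage="Invalid ZIP code" />
//   <asp:Button ID="Save" runat="server" Text="Save" OnClick="Save_Click" />
//   <asp:Label ID="Result" runat="server" />
public class OrderPage : Page
{
    protected TextBox ZipCode;
    protected Label Result;

    // Weak form: the validators have already run on the server when this
    // handler fires, but a failed validator does not cancel the event.
    // A request sent without the client-side script (or with it disabled)
    // reaches StoreZip with input the validator rejected.
    protected void Save_Click_Unchecked(object sender, EventArgs e)
    {
        StoreZip(ZipCode.Text);
    }

    // Corrected form: act on the input only when every validator passed.
    // Page.IsValid is meaningful here because a button with
    // CausesValidation="true" (the default) triggers Page.Validate()
    // before its Click event is raised.
    protected void Save_Click(object sender, EventArgs e)
    {
        if (!Page.IsValid)
        {
            return; // the validators render their own error messages
        }
        StoreZip(ZipCode.Text);
    }

    // Reading Page.IsValid earlier in the life cycle (for example in
    // Page_Load) throws unless Page.Validate() has been called first.
    private void StoreZip(string zip)
    {
        Result.Text = "Saved " + Server.HtmlEncode(zip);
    }
}
```
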
# Eric Jarvi said on March 26, 2007 10:55 AM:

"Click Here" http://blogs.msdn.com/jmeier/archive/2007/03/24/patterns-practices-security-videos.aspx

