Friday, November 11, 2005 8:45 AM
Paul Maher
Microsoft Launch Session - "Writing Secure Code"
Well it's been a while since I have written anything in my blog...so I thought it was about time for an entry!
So I'm sure you are aware of the VS2005/SQL2005/BizTalk launch sessions that have been going on around the UK. I was fortunate enough to be asked to participate in a session in Birmingham entitled – “Writing Secure Code” a Chalk and Talk.
I think the session went well…I am still waiting for the feedback! There were four of us involved in the session, with Marcus Perryman taking the lead. It was a very free form session based around some suggested titles and then away we went…
I wanted to post some follow up information that was talked about in the session, so see below for full details:
Books:
See “Bedtime Security Reading” entry below
Security Engineering Index:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/SecurityEngIndex.asp
How-To - Perform Security Code Review on Managed Code:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGQuestionList0002.asp
Patterns and Practices Home Page:
http://msdn.microsoft.com/practices/
Static Analysis and FxCop:
http://www.gotdotnet.com/team/fxcop/
http://blogs.msdn.com/jason_anderson/archive/2004/09/05/225798.aspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnvsent/html/vsts-dev.asp
Web Service Enhancements:
WSE 3.0:
http://msdn.microsoft.com/msdnmag/issues/05/11/SecurityBriefs/default.aspx
Keith Brown article on strengthening UserName token:
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/html/securusernametoken.asp
WSE Home Page:
http://msdn.microsoft.com/webservices/webservices/building/wse/default.aspx
Web Security:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/tmwa.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpmsdn.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpmsdn.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/TMWAcheatsheet.asp
http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.ASPNET2SecurityFAQs
Visual Studio Team System Developer Center:
http://msdn.microsoft.com/vstudio/teamsystem/default.aspx
Must Watch:
Cryptography Overview: http://www.microsoft.com/uk/technet/itsshowtime/sessionh.aspx?videoid=17
Useful Resource:
Online Keith Brown's developer security book: http://pluralsight.com/wiki/default.aspx/Keith.GuideBook.HomePage
By the way if you were at the session, please feel free to drop a comment on how you thought the session went – Good, Bad or Ugly. If you really didn’t enjoy the session, constructive ideas for improvement would be greatly welcomed – Thanks!
