Security for Canadian Developers

Security Development Lifecycle Webcast

On June 20th, we will be putting on a webcast entitled " The Microsoft Security Development Lifecycle (SDL) - Continuous Improvement and Demonstrated Results ". The Security Development Lifecycle is a process that is constantly evolving and has two main

8 Simple Rules For Developing More Secure Code

While surfing the Web, I came across the following article written by Michael Howard. The article really resonated for me because it covered the following points: Using analysis tools and experts to review your code (which can be accomplished with tools

Developer Windows Vista Security Webcast in May

As you can tell, there is a lot of activity going on with regards to Windows Vista. On May 23rd, we will be running a webcast entitled " Writing Secure Applications for Windows Vista ". Here is an abstract of the presentation: Have you tested your application

[Guest Blog] User Account Control for Developers

Kenny Kerr is our guest blogger this month. Here is his bio: Kenny Kerr is a founding employee and Chief Software Architect at PlateSpin Ltd. where he designs and builds new products and helps drive the technical direction for PlateSpin’s market-leading

IT Professional Security Webcasts

Rodney Buike , my counterpart on the IT Pro team has set up a security webcast series which may be interesting to you. Here is a description of the series and the events: With every new OS release security is improved and refined and with Windows Vista

ASP.NET AJAX Security Webcast

Be sure to check out our latest security webcast this Wednesday. Here is the abstract: ASP.NET AJAX is a powerful framework for creating interactive and highly-personalized Web experiences that work across all the most popular browsers. Like any other

Post Webcast: Is Your App Secure?

Unfortunately, right at the very end of today's Webcast we experience a small technical difficulty with the on-line evaluation form. If you were not able to fill out the evaluation and you attended today's session can you please do so now, here . The

[Guest Blogger] Kevin Lam Thoughts on Code Scanning Tools

Kevin Lam (Redmond, Washington) [Guest Blogger] Thoughts on Code Scanning Tools Information managers, developers and testers commonly make the mistake of seeing code scanning tools as replacement for security QA processes. As a result they get a false

MSDN Canada: Security Virtual Conference Recording

As promised, here is the recording of MSDN Canada Writing Secure Code Fundamentals Virtual Conference. Enjoy the recording and I hope to see you at our next online Security sessions on October 18th, 2006. This will be the first of eight, one hour monthly

Introduction to AJAX Security

As I start investigating the use of AJAX technology for new or existing Web Applications there are some major concern around Security that arises. The good news is—for the most part--securing AJAX enabled Web Applications is very similar to securing traditional

Post Security Virtual Conference Recap--Writing Secure Code Fundementals

Wow! It was great to see such a high attendance and have it be sustained through three sessions and four hours in total. The three sessions were: Hacking Revealed presented by Dan Sellers (me) Mitigation and Detection by Kevin Lam Threat Modeling by Deepak

An Application or Device is Only as Secure as it was Tested Against

It still amazing in this day and age how many Security Professionals, Developers and Architect still believe in the Silver Bullet and automatically accept an Application is Secure becomes someone says it is. The quick and easy way out does not work when

[Guest Blogger] Dana Epp on Security Myth: Only Large Teams Can Write Secure Code

Dana Epp (Chilliwack B.C.) [Guest Bloggers] Security Myth: Only Large Teams Can Write Secure Code If you ask me, one of the biggest fallacies of writing secure code is that you can only accomplish it when you work in large teams and have bigger budgets.

[Guest Blogger] Tatiana Zamachnaia on Security Paranoia Revisited: Do Not Trust Even Gurus

Tatiana Zamachnaia (Ottawa) [Guest Bloggers] Security Paranoia Revisited: Do Not Trust Even Gurus My latest consulting gig called for a reporting solution. I tried the GridView and other ASP.NET 2.0 controls but this solution needed a custom ASP.NET Server

Signing Modules in SQL Server 2005 with Certificates

The one topic that I get asked to talk about frequently is Encrypting Data with SQL Server 2005. Personally, I am very impressed with the build-in encryption support provided in SQL Server 2005, but one of my favorite and what appears to be a subtle Security