Microsoft Security Summit - Melbourne

Published 11 March 04 09:34 PM | alexcampbell

I spent today at the Security Summit here in Melbourne... m

  • The event was free - it was nice to see Microsoft dipping into its desktop monopoly profits for some purpose other than crushing a competitor
  • There were lots of yummy cakes etc - guaranteed to get any coder onside! Although I think to get me on the team they'd need a Red Bull fountain...
  • I skipped the keynote in the morning (8am is an hour that is unfamiliar to me, particularly so when I think of listening to 1.5 hours of 'trusted computing' press release drivel)
  • The first two sessions were about Smart Client applications and were thus largely irrelevant to me as an ASP.Net developer
  • The chairs in the presentation room were really uncomfortable (these Herman Miller chairs we have really spoil you and now I get a sore bum on anything other than an Aeron or a couch)
  • Microsoft Virtual PC is a pretty awesome product (I remarked to my colleague “fuck his laptop is running Windows 2003 Server pretty slow” and it turned out that Dave Glover was running it in a Virtual PC window... it seems that he also had 2003 Server with Whidbey running in another VPC window... no wonder it was slow!) (it is fun to note that this most interesting part of the summit for me was actually not written at Microsoft but was taken from a company that MS bought out)
  • In the ASP.Net security session Dave demonstrated some common vulnerabilities (SQL injection attacks, directory traversal etc) that would have been familiar to anyone who reads these weblogs and keeps up to date with the web development community
  • Dave also outlined “best practices” approaches to overcoming these vulnerabilities (use parameterised stored procedures, validate input) - nothing earth shattering but definitely worth reminding people of
  • A large emphasis seemed to be placed on explaining the security features of ASP.Net and the security models within the framework, rather than specific threats
  • Of course, the coolest part was the Whidbey preview at the end - MS is such a tease!

Overall it was a pretty good day, but I think the information presented could have been more efficiently conveyed by writing it down on one side of an A4 sheet of paper.

Comments

# Thomas Williams said on March 11, 2004 05:25 PM:

Hey Alex -

I'd been umming and aahing over going for a couple of weeks - I'm glad I didn't now, but I'm also glad to be given a run-down on what happened (I saw a lot of the SQL injection/XSS stuff at an MSDN Update last year with a really good US speaker...forget his name).

Thanks!

# Alex Hoffman said on March 14, 2004 05:01 PM:

Thanks for the "real" description. Refreshing after reading a couple of glowing reports from Microsoft groupies :)