A Blog for Graymad

I sent one of our developers there. He was very impressed and had a lot of good things to say.

Glad to hear it, Greg. Thanks for letting me know!

I went and brought along one of my team and we left with the general impression that we won't attend again. I am sad to say this was our first, and last DevDays.

The opening keynote didn't start us off on the right foot. It was very much a propoganda pitch about how great VS.NET 2003 is or how big Long & Foster is etc. Especially disappointing with opening comments before the keynote talk about how excited they are because DevDays is for developers, by developers. If it were "by Developers" I would have expected a whole lot more passion for the product/platform/framework. Not "you should be using this because it will solve all your problems, please buy me" but, "you should be using this product because its so f@#@% cool! You can use it and the framework to build such and such and reuse this http module / component whatever to make sure you're not allowing XSS or hijacking attempts to be made." This whole propoganda, selling machine attitude resonated through to the evaluation forms with questions like; "Has dev days convinced you to buy/use VS.NET 2003", "Are you likely to recommend VS.NET 2003 because of DevDays"

Luckily the actual sessions, I stayed for all 4 asp.net security talks, were tolerable. I would say that most of the topics covered have been covered before (through blogs or articles or experience) but I must say I am somewhat disappointed that there were no examples on how cookie or session hijacking happens. It was professed to be a terrible thing, which it [hijacking] probably is, however, I would have loved to see an example of this. SQL Injection any shmuck can type ' OR 1=1 -- but what skillset, level of effort does it take to hijack a session?

In general I think a casual developer that does little more than read / learn to survive at her job would probably walk away with some good ideas. I think serious developers will walk away wondering "Is that it?"

Hi Jeff,

First, I'd like to say that I'm sorry you were disappointed. But I'd also say, in defense of the content, that you may be overestimating the experience of the average attendee and underestimating the amount of security education that's still necessary in our industry.

The difficulty in putting on an event like DevDays is to try to target the content at a level that will be both accessible to less experienced developers, while still offering value to more experienced developers. Sounds like you think we missed the boat this time. I hope that you provided that feedback on your eval form, and if not, you can contact the folks responsible for the event at the following URL:

http://www.mydevdays2004.com/contactus.aspx

Please do take the time to provide some feedback, as that's the best way to make sure that the events improve.

Andrew, I understand some of the logistic problems with setting up an event that caters to average and advanced users (more speakers, more space, maybe too many choices).

I also understand that we must be ever diligent in our pursuit of security, certainly in an industry like ours that is almost blindly trusted by the masses of users that install and run our applications.

I did provide feedback through the evaluation forms, having to write comments around 1-9 selection blocks because there wasn't a space for additional comments.

I do think you missed the boat with more experienced developers. I still feel that even casual reading of a few articles a week will cover the majority of the content presented during DevDays. I'm not expecting detailed discussions on number theory or cryptography, prime number generation algorithms or hash performance generation. A cursory discussion of SQL Injection and XSS then more detailed discussion of some more exotic attacks (I'll go back to session hijacking). Or even alterantives to using the registry in conjunction with DPAPI / encrypting config values.

More than 1. 4 million Canadians have already taken advantage of this plan to help finance their home. Participants have borrowed 15 billion from their RRSPs to help purchase more than 746,000 homes. The Home Buyers\' Plan helps to support a strong housing