December 2005 - Posts
A week ago Microsoft Israel hosted a GREAT SOA seminar in Israel with Clemens Vasters!
In this seminar Clemens announced to the world that he will be joining the Microsoft Indigo team soon!
I video taped the two-day session plus the Architects User Group meeting, where Clemens demonstrated how to build a library that can be hosted under Remoting, MSMQ, Enterprise Services, Web Service, and Indigo.
I’m currently working with Microsoft Israel to put it on the web; I’ll update my blog with the location as soon as there is one.
Watch Clemens' announcement about the upcoming move to Microsoft! (Click Here)
The Seminar Agenda
The Tenets of Service Orientation
Services Styles and Edges: SOAP, REST, POX, Binary
Contracts: WSDL, UDDI, Schema, Policies, Versioning
Web Services Addressing and Events
Autonomous Computing Principles
Transactions and Exception Management
Web Services Security
Writing Future Proof Services with the .NET Framework 2.0
Writing Services with WinFX 3.0 (WCF/"Indigo")
Due to a request from Clemens Vasters, I've removed the presentations and the UG code.
What do you need to know before you start migrating your app to .NET Framework 2.0?
I’ll try to compile a list here.
1. Read the breaking changes list on MSDN
2. Read Compatibility Considerations and Version Changes on GotDotNet
3. Download the list of files that are marked as Obsolete in .NET Framework 2.0
Johanna Rothman gave a great lecture at the Agile Israel User Group meeting last Thursday!
The lecture, titled ‘Moving towards Agile Project Management’, gave a great intro to agile project development.
If you weren't able to come to the lecture… I've video taped it for you, and yep, the lecture is in English!
The lecture slides are available from Roy’s Team Agile site over ‘here’
The first part is available ‘here’
The second part (hat simulation) will be available later this week.
Visual Studio 2005 was launched yesterday in Israel!
During the ‘Visual Studio 2005 & The Mad Hacker’ show, Dan and I demonstrated the ability to build mission-critical applications using the Visual Studio 2005 security enhancements. The show demonstrated several vulnerabilities and the way to mitigate them using Visual Studio 2005.
Following the show, several questions were raised…
So here is our Q&A:
Q: I missed the show… what areas were covered in the show, and where can I learn more about them?
A: We covered the following areas during the show:
– SQL Injection & Using Code Analysis to mitigate it
– ASP.NET 2.0 Login Controls, Membership & Roles Services
– Diagnostics using WebEvents
– Sniffing & Secured Remoting
– C++ Code Analysis & Buffer Overrun Example
– Data Protection Class
– Access Control Class
Q: Where can I find the presentation and the demos you showed?
A: Here is the list of demos:
The VS 2005 & The Mad Hacker Presentation & Videos
The CTU Web & Backend Solution
The CTU Web & Backend Solution + Login, Membership & Roles
Including the WebEvents demo for sending SMS using SMS2U
The Buffer Overrun & PREfast Example
The Data Protection Example
The Access Control Example
The CTU Database
Install Script (this script creates the IIS virtual directory of the CTU Web)
Q: Can I get the Mad Hacker SQL Injector Tool?
A: Sorry, but no. This tool was not complicated to build, but it can be used to hack systems down, and although I’m sure you only want this tool to test your own site, it can be used by others in unacceptable ways.
Q: I was expecting a more drill-down explanation of the new security features and was a little disappointed.
A: We decided to focus our lecture on several topics that would fit such a large audience instead of, for example, drilling into the new features of code access security. Using the web log, I’ll publish several articles and links to try to cover the full list of changes.
Q: What is the name of the book that you showed?
A: The name of the book is Writing Secure Code, Second Edition.
Q: Where can I find more information regarding VS 2005 Security Improvements?
The Security Wiki and What’s new security features are in ASP.NET 2.0
MSDN Article : New Security Features in Visual Studio 2005
To learn more about SQL Injection, check the Advanced SQL Injection and More Advanced SQL Injection articles from NGSSoftware. There is also an article from MSDN Magazine titled Stop SQL Injection Attacks Before They Stop You.
Membership & Roles Services
There are two new articles on MSDN:
Member/Role Management with IIS, Part 1: Security and Configuration Overview
Microsoft ASP.NET 2.0 Member/Role Management with IIS, Part 2: Implementation
Encrypt Connection Strings in VS 2005 .config Files
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
.Net Security - Shawn F. Blogs
Microsoft Security MVP’s Blogs
If you live in Israel… Mark the date – 21.12.2005 17:30–20:00
Clemens Vasters will give a talk at the Microsoft Architects User Group
Subject of the talk:
Remoting, ASMX, Enterprise Services, MSMQ… what to choose, when to use…
Hurry up and register over here
13:15 (just after lunch!)
David Intercontinental (Tel Aviv, Israel)
Microsoft’s READY To LAUNCH Event
Visual Studio 2005 & The Mad Hacker!
For the last couple of weeks Dan and I have been working to compose a great security show for the Ready to Launch event, so if you think that you’ve seen everything… you are wrong!
Register for the show at MS Israel Events Site
This is hilarious!!!
If you have some spare time…
And you are a Flash Gordon fan, check Microsoft's Escape Yesterworld
If you are interested in learning about Google’s PageRank algorithm, check Sergey Brin and Lawrence Page's publication “The Anatomy of a Large-Scale Hypertextual Web Search Engine”
What do you know, they even have a prototype running… http://google.stanford.edu/