March 2004 - Posts

Speaker photos from Pittsburgh DevDays 2004.
Thursday, March 11, 2004 3:38 PM

http://thycotic.com/devdays_2004.html

I didn't take enough pictures but with all the buzz it was difficult to remember. :-)

Dinner with the pros - aka DevDays and punch cards
Monday, March 08, 2004 11:45 PM

After the Microsoft DevDays rehearsal this evening we all had dinner at Pittsburgh's FishMarket.  It was great to share war stories of tough projects and encountered .NET challenges.  The crowd was really interesting and you could feel the brain power at the table right up until the conversation turned to programming with punch cards and all was lost! :-)  The crowd included - John McClelland, Mike Snell, Craig Oaks, Chris Mazzanti, Pat Santry, Stan Spotts, and Terry Weiss stopped by for a minute.

The stage is set (literally), the rabble have been fed - roll on DevDays tomorrow!  There are over 200 registered attendees and it promises to be a great event.

by thycotic

Background reading for DevDays 2004
Monday, March 08, 2004 11:31 PM

In preparation for my presentation at Microsoft DevDays 2004 in Pittsburgh, I have been reading “Writing Secure Code” by Michael Howard and David LeBlanc (which a past colleague, David Williams, pointed me towards). For those of us living in the business application and web application realm, a buffer overrun is something we read about in security bulletins. It was fascinating to read how it all works and how to overcome it. Some great code examples - thoroughly interesting. But don't leave thinking that this book is only for those dealing with unmanaged code ... !

It discusses web application threats, including a detailed discussion of SQL injections, cross-site scripting attacks, hidden field tampering and also canonical issues. There is also a chapter on securing .NET code, which includes requesting permissions programmatically, which most people probably don't even know about. It also details modeling threats and determining your vulnerabilities before and during application development.

Microsoft also offers the following freely available resources:
