Security Webcast Anyone?

Published 18 February 04 01:14 AM | Joel Semeniuk

As some of you might already know, February 16-20 is Developer Security Webcast Week. There will be 13 or so webcasts on virtually every aspect of security with the developer in mind. I’m doing two of these webcasts:

MSDN Webcast: Writing Secure Code – Best Practices - Level 300

February 18, 2004
11:00 AM - 12:30 PM Pacific Time, US & Canada (GMT-8)
In this webcast for experienced developers, you will learn established best practices for applying security principles throughout the development process. We will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and you will learn effective strategies to defend against those threats.

MSDN Webcast: Writing Secure Code – Threat Defense - Level 300

February 20, 2004
11:00 AM - 12:30 PM Pacific Time, US & Canada (GMT-8)
In this session for experienced developers, you will build upon existing knowledge of secure coding best practices to learn about analyzing, mitigating and modeling threats. The session will discuss established threat modeling methodologies and tools and show how they can be applied with other best practices to minimize vulnerabilities and limit damage from attacks.

There are other RDs doing some webcasts as well. Doing webcasts feels kinda funny. I’m very energetic and when I present I feed off the audience – interacting with them constantly. Doing a webcast feels like walking in a mall talking on my cellphone – nothing like blabbering on and on about something to your computer screen. It’s a weird disconnected feeling – but nonetheless an EXTREMELY powerful way of getting the word out.

That actually reminds me of my youth. In high school we all took aptitude tests – they were fairly extensive and gave an idea of what we might be when we grow up. Mine consistently came back saying I was going to be a Priest. Hmmm… without any disrespect to Priests – I really didn’t think that would happen judging by my love of Jack Daniels, Metallica, and… girls. Well, it turns out I’m a preacher anyway – just not in a religious context (although some would argue). I’m spreading “the word” in a different way – and across an entirely different medium. Wonder if religious groups will be using webcasts any time soon – or maybe they already are. Amenbrother.net!

Comments

# TrackBack said on February 18, 2004 04:34 PM:

What a great presentation. Joel did a great job. It was detailed on secure coding best practices and included threat modeling... covering both STRIDE threat modeling and Attack Trees. It was interesting to see him present the DREAD model for rating threats as superior to using the common formula: risk = Probability(chance) * Damage Potential (damage). I've been using r=c*d for over a year instead of DREAD, and found it works well for me. I am going to need to read up on some secondary documentation on DREAD and see why Microsoft prefers that method.

The demos were pretty good too. Joel even showed how to properly do development as a non-admin user, which should benefit most people who don't. If you don't know WHY that's important, consider reading my CodeProject article about developing with least privilege. I did learn one interesting component in VS.NET. I always write my validation routines by hand and deal with it that way. I didn't know there was an ErrorProvider control that makes that simpler. Will have to look into that.

I REALLY liked how Joel showed how to use the Data Protection API (DPAPI) to encrypt and decrypt SQL connection strings. I wish more people knew how to do this. If you hardcode your connection strings, you really should watch this presentation and learn how to fix that.

All in all, this has been the best presentation so far. In the next few days the presentation will be online on-demand which you can check out here, which will let you check it out for yourself. In the meantime, I kept a copy of the PowerPoint slides of the presentation, which you can get here....

# John Mulkearns said on February 25, 2004 01:27 PM:

Extremely useful, makes me realise what an aspiring amateur I still am. Thanks v much.

Re the posting of the slides and demo code on a public document last weekend, I guess you just haven't had a chance to yet, as I couldn't find it yet. I just joined the UG and will check back in a few days / next wk, thanks
