ASP.NET 2.0 Security Reference Implementation
I have been silent for the last month or so, but I am hoping to get back into writing again. July was an eventful month for me. I turned 38 (July 10), took a family vacation (first time to be able to do so in at least 6 years!) driving across much of the USA in an RV, and I ended a contract early because of feeling underutilized and started a new one that is much more in line with my interests. I may write more later in general about how I determine what type of work will bring the most enjoyment.
In particular, I am working on architecting, securing, and helping to develop a large ASP.NET 2.0 application -- this feels more like what I enjoy. Earlier this week I found a reference (found by way of Dominick Baier) to the recently updated ASP.NET 2.0 Security Reference Implementation developed by the Patterns and Practices group. The reference implementation takes the Pet Shop 4 example and applies the PAG security guidance techniques. So far, in my review and analysis, I like what is presented and highly recommend architects and developers review it as well. There are a couple of issues pointed out here and here, but otherwise this is great stuff.