I will be speaking at the New England Code Camp 8: Rise of the Silverlight Surfer at the Microsoft offices in Waltham, MA on September 29-30. I will be speaking on the following security topics: Penetration Testing of Web Applications Secure Code Reviews: What are the ingredients? There is already a...

I was in a user group meeting recently with Patrick Hynds speaking about Identity and presenting demos on Windows CardSpace . Someone in the audience mentioned it would be great to see Microsoft start using this for some of their websites (I agree!). Well, here it is: LiveID + CardSpace . Also, take...

I have been mostly silent for the past year as I have been busy working with a client in Western Massachusetts on a very interesting ASP.NET 2.0 project (using C# 2.0). I had the pleasure of working with one of the best teams I have seen in my career -- all were bright, willing to learn, and up to the...

I have posted my slides on my site for last week's talk on Introduction to Windows CardSpaces at the Southern CT .NET Users Group meeting on June 12. It was a good meeting, but there were a lot of questions about how well will this technology be adopted. Unfortunately, at the moment, it is still a sparse...

I will be speaking at the Southern Connecticut .NET User Group on June 12 from 6:00 pm to 8:00 pm. You can get directions, etc. from their web site here . Here is the abstract: Introduction to Windows CardSpace location: At Pitney Bowes Inc Tuesday, June 12, 2007 6:00 PM - 8:00 PM Windows CardSpace enables...

Over the weekend at the New England Code Camp 7 conference, I mentioned briefly about some of the potential security problems with AJAX. Dana Epp has a post about the new class of attack vectors using Javascript Hijacking against AJAX, and ultimately, ATLAS, applications. He points to a research paper...

I will be speaking this weekend, March 31-April 1, at the New England Code Camp 7: Deer in Headlights located at the Microsoft, Waltham, MA offices. I have two topics this time: How to Perform a Secure Code Review Protecting Data with SQL Server 2005 There are still some registration space left. Check...

My plans have changed for this weekend , so I will be presenting more topics at the Boston Code Camp 6 (the schedule has been posted ). This time, the Code Camp will be held on Saturday only. My talks are: Building a Secure Architecture How to Perform a Secure Code Review Threat Modeling for Web Applications...

Congratulations to fellow MS Developer Security MVP Dominick Baier on finishing his book Developing More-Secure Microsoft ASP.NET 2.0 Applications . This is available through Amazon and other locations this week. I have been looking forward to this one for awhile. If you get a chance (and you really...

I have been busy with a great architecture project lately that I have mentioned previously . I have also been finalizing slides and demos and making travel arrangments for upcoming speaking events. October 24-27 - VSLive!, Boston, MA - "Leveraging .NET 2.0 Security Features" (Black-Belt session...