One of the many Microsoft bloggers provides a workaround for those of us looking to debug ASP.NET applications without resorting to Admin privileges…a workaround that uses the predecessor of the Whidbey web server from ASP.NET Web Matrix to do debugging locally: The debugger team has gotten many...

I’ve written about the problems of running your machine day-to-day as Administrator, and tips for making development as a non-Admin easier on a number of occasions . As a brief reminder, there are many viruses and other malware that would never have spread as widely as they did if the infected...

Below is an excellent, yet brief, description of buffer overruns, which I found on the Microsoft bloggers feed on http://weblogs.asp.net . I do a demo of a buffer overrun in the Essentials of Application Security session, one of two I’m presenting at numerous locations in the eastern US. One of...

this one in VB.NET: If you went to DevDays 2004 then you know about DP-API. This is part of the CryptoAPI that didn't make it into the .NET Framework. The nice folks at Vertigo Software wrote a nifty VB.NET managed code wrapper around DPAPI because it's so dang hard to use directly. They make it freakin...

I just finished up my first week of doing MSDN security briefings for Microsoft. I had a great time with the audiences in Albany, NY and Staten Island, NY. Both audiences were very attentive and asked some great questions. I’m looking forward to this week’s talks in Roanoke, VA , and Charlottesville...

A quick reminder… DevDays in Washington, DC is this Thursday, March 4 th . I’ll be presenting the security overview for the Web track. If you read my blog, please stop by and say “hi” afterwards. You also don’t want to miss Anil John’s talk on Defenses and Countermeasures...

My two favorite people to read on the subject of security are Michael Howard and Keith Brown . In a recent posting , Keith explains the Principle of Least Privilege, and why it’s important. The most important reason for limiting the security privileges your code requires to run is to reduce the...

DevDays 2004 is coming in March to a venue near you! This year’s DevDays focuses on two tracks, both oriented around best practices. The Smart Client track will speak to best practices for development, security, and deployment of Windows client applications, while the Web Development Track will...

One of the many Microsoft bloggers provides a workaround for those of us looking to debug ASP.NET applications without resorting to Admin privileges…a workaround that uses the predecessor of the Whidbey web server from ASP.NET Web Matrix to do debugging locally: The debugger team has gotten many...

I’ve written about the problems of running your machine day-to-day as Administrator, and tips for making development as a non-Admin easier on a number of occasions . As a brief reminder, there are many viruses and other malware that would never have spread as widely as they did if the infected...