I didn’t take enough pictures, but with all the buzz it was difficult to remember. 🙂
After the Microsoft DevDays rehearsal this evening we all had dinner at Pittsburgh’s FishMarket. It was great to share war stories of tough projects and encountered .NET challenges. The crowd was really interesting and you could feel the brain power at the table right up until the conversation turned to programming with punch cards and all was lost! 🙂 The crowd included – John McClelland, Mike Snell, Craig Oaks, Chris Mazzanti, Pat Santry, Stan Spotts, and Terry Weiss stopped by for a minute.
The stage is set (literally), the rabble have been fed – roll on DevDays tomorrow! There are over 200 registered attendees and it promises to be a great event.
In preparation for my presentation at Microsoft DevDays 2004 in Pittsburgh, I have been reading “Writing Secure Code” by Michael Howard and David LeBlanc (which a past colleague, David Williams, pointed me towards). For those of us living in the business application and web application realm, a buffer overrun is something we read about in security bulletins. It was fascinating to read how it all works and how to overcome it. Some great code examples – thoroughly interesting. But don’t leave thinking that this book is only for those dealing with unmanaged code … !
It discusses web application threats, including a detailed discussion of SQL injection, cross-site scripting attacks, hidden field tampering and canonical issues. There is also a chapter on securing .NET code, which includes requesting permissions programmatically, something most people probably don’t even know about. It also details modeling threats and determining your vulnerabilities before and during application development.
Microsoft also offers the following freely available resources:
I will be speaking at Microsoft Developer Days 2004 back in Pittsburgh on March 9th. It looks to be a very exciting event with a strong emphasis on security. I will be presenting “Threats and Threat Modeling – Understanding Web Application Threats and Vulnerabilities” on the Web Development Track.
There will be great speakers from the local area and an opportunity to get the latest message from Microsoft as well as interact with developers in your community. Maybe we can even get in a plug for the Pittsburgh .NET User Group?