@CyberForge
 Live Well. Laugh Often. Love Much.

Last Updated: 2/22/2004; 5:50:37 PM.


 Thursday, June 12, 2003


Bake security into the application lifecycle. It's a comprehensive guide for creating "hack resilient" apps. Use the guide to secure the network, host and application (there's something for architects, devs, system admins, testers, and security pros). It's principle-based and threat-focused. Guidance is task-based and modular, with tons of implementation steps. It provides a deep drill-down on each technology (Code Access Security, ASP.NET, Enterprise Services, Web Services, Remoting, and Data Access with ADO.NET/SQL Server), with threats and countermeasures. It also includes checklists and How Tos.

Key Problems Solved:

  • Hosting multiple Web Apps securely
  • Writing secure managed code
  • Designing secure apps
  • Using CAS from ASP.NET
  • Preventing key security issues: Input validation, SQL injection, Cross-Site Scripting
  • Securing your developer workstation
  • Securing your web server
  • Securing your database server
  • Locking down ASP.NET
  • Performing security reviews on design, code, and deployment

Congratulations to JD, Alex, Srinath, Michael, Ray, Anandha and Sandy on the PAG Team (and to the many other folks who contributed to this book).

I had the extreme pleasure of working as an external Technical Reviewer for this book, specifically on the areas of Code Access Security and Hosting Scenarios. I also provided some input regarding resources on the "writing code as non-Admin" portion, which is detailed in the Securing Your Developer Workstation section.

The only thing I can tell you is It’s LIVE and is pure Security Goodness! Go GET IT NOW! [1] Because this is one AWESOME book!

This is the second book in the .NET/Web Security Series from the Microsoft Patterns and Practices Team. The first was "Building Secure Microsoft ASP.NET Applications".

[1] http://msdn.microsoft.com/library/en-us/dnnetsec/html/threatcounter.asp

10:25:09 PM
  


Keith Brown is writing his new book out in the open – he’s posting it here on his website as he writes it. The tentative title is A .NET Developer's Guide to Windows Security. If you’ve read Keith’s Programming Windows Security, you’ll know this is something to be excited about. Read it! Send him feedback!
[CraigBlog]

Excellent! Keith is one of my favorite people when it comes to Windows Security. Glad to see that he has put more content online.

7:32:19 PM
  


Wes Felter's Hack the Planet is another very cool blog I discovered via Boing Boing Blog. I'm sure most everyone knows it already, but it's new to me and it has tons of good info.
[Brian Johnson]

Cool! RSS feed can be found @ http://wmf.editthispage.com/xml/rss.xml

7:26:48 PM
  


The MSDN ASP.NET Developer Center is now live at http://msdn.microsoft.com/asp.net/

ASP.NET Security related content can be found at http://msdn.microsoft.com/asp.net/using/understanding/security/default.aspx

Not much there except links to articles and PnP stuff already published. Hopefully that will change as time goes by.

7:18:53 PM
  


Discussion on Trustworthy Computing and security at Microsoft with Security Business Unit Vice President Mike Nash. Come with your questions on security products, initiatives and issues for Mike.

June 16, 2003
Time: 10am Pacific/1pm Eastern/17:00 GMT/18:00 BST

Join the chat room on the day of the chat: http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000015

Information on other Technical Chats (Security related or others) can be found at http://www.microsoft.com/technet/itcommunity/chats/default.asp

7:05:22 PM
  


 

© Copyright 2004 Anil John. All rights reserved.
The above are solely my opinions and do not represent the thoughts, intentions, plans or strategies of anyone else, including my employer.