
Wednesday, April 14, 2004

Security Brain Dump

Today I delivered two talks at the Microsoft Security Summit in Chicago, held down by the lake at McCormick Place just south of Soldier Field. My two talks in the developer track were on common threats and how to defend against them, and on securing .NET applications. The keynote this morning was a nice overview of what Microsoft is doing in the security space and, among other things, included the following items that developers should be aware of. I’ve provided links to get you started.

  • XP SP2 – RC1 is available today. Attendees of the Security Summit got the bits in the bag

  • Microsoft Baseline Security Analyzer (MBSA) – Tool you can use to analyze a machine to check for vulnerabilities and the presence of updates

  • Digital Rights Management (DRM) – Effort by Microsoft to protect an organization’s intellectual property by allowing policy to be enforced on applications such as email clients and Office apps to restrict forwarding of email offsite and viewing documents for which you are not authorized

  • Microsoft Update – Currently Microsoft has multiple update services including Windows Update and the Software Update Service. These will be rolled into one in the future.

  • Writing Secure Code by Michael Howard – Great book that addresses all aspects of security. You can find his blog here.

  • Microsoft Security Developer Center – The place to go for security information from Microsoft


In addition, for those interested in how XP SP2 will affect developers, you’ll want to check out the TechEd session DEV370 that Jon Box and I are doing in San Diego on May 28th. We’ll also do a webcast prior to TechEd that you’ll be able to take a look at.

For those who can’t attend one of the Security Summit events, you can find the webcasts for the developer tracks at the following links:

Session 1 – Essentials of Application Security
Session 2 – Writing Secure Code: Threat Defense
Session 3 – Writing Secure Code: Best Practices
Session 4 – Implementing Application Security Using the Microsoft .NET Framework

I’d recommend all Microsoft developers go through this material to ensure that the applications you build are protected from potential threats. In other security-related items, you might want to check out the following articles I’ve written on the topic:

Take the proper steps to secure ActiveX controls
Protect ASP.NET Data with the DPAPI
Make Managed Code Work With .NET's CAS
Secure Your .NET Smart Apps with CAS
Protect Private Data with the Cryptography Namespaces of the .NET Framework

After getting into town last night (I missed the Royals/White Sox game played in the afternoon) and checking out the presentation machines, I had dinner with Drew Robbins. Very smart and nice guy from Ohio who did a great job on his best practices talk in the developer track. Tomorrow I’m taking in the Cubs/Pirates game before heading back to KC and hope to see Sammy Sosa catch and pass Ernie Banks for the all-time Cubs home run record of 512. Sosa actually has hit 540 home runs but played his first couple of seasons with the Rangers and White Sox.
