G
Georgeo Pulikkathara[MS]
MSDN Security Webcast Week - February 16 - 20, 2004
Microsoft announces a special week of webcasts addressing the most important and newly emerging security issues surrounding developers. Topics range from corporate security reviews and computer crime to a host of webcasts aimed specifically at developers. These webcasts are designed to help developers write applications that are resistant to security attacks. Webcasts will address a broad range of issues facing developers today: specific coding techniques to make applications inherently more secure, SQL Server considerations, authentication and authorization, Enterprise Security Portals, and protecting your intellectual property with Code Access Security. Tune in as top industry experts walk you through key security concepts that will help your organization -- and the code you write -- rise to the security challenges we all face today.
Registration is limited to 1000 registrations per webcast, so register early for all 12 webcasts. These free webcasts are held live and they are interactive. Webcast attendees can ask questions and get answers from security subject matter experts. These webcasts will be recorded and available for later viewing. These 12 webcasts can also be found on the MSDN Security Developer Center as well.
--------------------------------------------------------------------------------
DAY 1 - Monday, February 16, 2004
MSDN Webcast: .NET Code Access Security - Level 200
February 16, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
Juval Lowy, Software Architect, IDesign
The classic Windows® NT security model is based on what a given user is allowed to do. In today's highly distributed, component-oriented environment, you need a security model based on what a given piece of code, a component, is allowed to do. .NET allows you to configure permissions for components, and provide an evidence to prove that it has the right credentials to access a resource or perform some sensitive work. This webcast shows how to manage application security using the ..NET configuration tool and how to do so programmatically. The web cast will discuss recommendations for custom security policies and time permitting will demonstrate securing and deploying a smart client application today and in Whidbey.
MSDN Webcast: How to Perform a Security Review - Level 200
February 16, 2004
11:00 AM - 12:30 PM Pacific Time, US & Canada (GMT-8)
Hans Westphal, Development Support Consultant, Microsoft
Secure by Design is the first tenant in the Microsoft® TrustWorthy Computer Initiative and one key practice to ensure "Secure by Design" is to perform a code security review. In this webcast we will walk through the steps to perform a security review for .NET framework applications from assembling the team, common problems to look for, some automation tools to help the process, checklists and finally-best practices.
DAY 2 - Tuesday, February 17, 2004
MSDN Webcast: Computer Crime and Security - Level 200
February 17, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
Chuck Connors, Solutions Architect, BORN
The typical misconception is that a hardware firewall will prevent a security breach. In fact, the majority of today's IT security breaches occur through a web application. In this webcast we will discuss the most pervasive methods that hackers use to penetrate systems, where these attacks originate from, how they are accomplished and the financial impact of these breaches. Developers and managers should plan on attending to obtain a clear understanding of the challenges they may face in securing our web applications.
MSDN Webcast: Creating a Single Sign-On Enterprise Security Portal - Level 200
February 17, 2004
1:00 PM - 2:30 PM Pacific Time, US & Canada (GMT-8)
Paul Sheriff, President, PDSA
Most organizations would like to have a single sign on solution for all of their applications. However, many businesses today are made up of internal users and external users that sometimes need access to the same information. In addition, not all users will be on the same domain. This makes creating a single sign on solution difficult. Another issue commonly faced is the management of groups or roles within an organization. While it is an easy task to put Windows users into groups, it is not so easy to manage those set of groups across multiple applications. Some users may be considered a manager within one application, but just a simple user in another. What is really needed is a combination of Windows domain security and Forms Based Authentication for all of your web applications. In this session you will see a working sample of how to put this all together.
DAY 3 - Wednesday, February 18, 2004
MSDN Webcast: Dave's Secure Remoting Chat Application - Level 300
February 18, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
David Anthony, Application Architect, Landata Systems Inc.
Have you ever wondered if those pesky network-savvy individuals that are in possession of packet-sniffing software such as Snort or Ethereal might be eavesdropping on your Instant Messenger (IM) conversations? Of course, even though we all use IM in the workplace, you might not want your chat conversations going out in plain-text over the wire. In this webcast we will write a secure peer-to-peer chat program that cannot be eavesdropped by packet-sniffers. Experienced developers shouldn't miss the discussions covering remoting, encryption, streaming and multi-threading.
MSDN Webcast: Writing Secure Code - Best Practices - Level 300
February 18, 2004
11:00 AM - 12:30 PM Pacific Time, US & Canada (GMT-8)
Joel Semeniuk, VP of Software Development, ImagiNET Resources Corp.
In this webcast for experienced developers, you will learn established best practices for applying security principles throughout the development process. We will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and you will learn effective strategies to defend against those threats.
MSDN Webcast: Protecting Your System From SQL Injection Attacks - Level 200
February 18, 2004
1:00 PM - 2:30 PM Pacific Time, US & Canada (GMT-8)
John Paul Cook, Managing Consultant, Software Architects
SQL injection is one of the most serious threats a database can encounter. When an application is designed without regard for a comprehensive defense, it can provide an attack surface highly vulnerable to hackers skilled in SQL syntax. Once a hacker injects rogue SQL commands through a user interface, not only is the database exposed, but so is the server itself. By following sound design principles demonstrated in this webcast, SQL injection threats can be minimized. Developers shouldn't miss this opportunity to discuss database security with John Paul Cook from Software Architects.
DAY 4 - Thursday, February 19, 2004
MSDN Webcast: Application Hacking Techniques and How to Stop Them - Level 200
February 19, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
Athanassios Vamvakas, Consultant, Microsoft
This webcast will concentrate on how to protect your application by understanding how attacks are conducted. Attendees will discover what actions an attacker will take in order to break the security of an application and how to minimize the cost of a security breach. By acting in a proactive manner developers can ensure that security is maintained even when their applications have been deployed and have been in production for some time.
MSDN Webcast: Protect Your IP with Code Access Security - Level 200
February 19, 2004
1:00 PM - 2:30 PM Pacific Time, US & Canada (GMT-8)
Michele Leroux Bustamante, Associate, IDesign Inc.
.NET reflection facilitates the discovery of type information at runtime, dynamic class loading and method invocation, and the ability to emit new types on the fly. All of this power also raises concerns over the protection of your intellectual property, and how they are used once deployed. This webcast explains code access security for the .NET Framework, and demonstrates what you can and cannot do to secure type access for compiled and dynamically emitted types, with the help of security attributes. Developers shouldn't miss our discussions reviewing system accessibility rules, code access security, and .NET reflection.
DAY 5 - Friday, February 20, 2004
MSDN Webcast: Application Hacking Techniques and How to Stop Them - Level 200
February 20, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
Mark D. Scott, Senior Software Engineer, RDA Corporation
This webcast, designed for experienced developers, exposes the skills and knowledge set required to develop secure applications. The session will explore key security concepts, such as authentication, authorization, cryptography, and network infrastructure. Developers will learn where and how to apply these techniques into their applications in design, construction and application deployment, to assure that data and communications are handled efficiently and securely.
MSDN Webcast: Writing Secure Code - Threat Defense - Level 300
February 20, 2004
11:00 AM - 12:30 PM Pacific Time, US & Canada (GMT-8)
Joel Semeniuk, VP of Software Development, ImagiNET Resources Corp.
In this session for experienced developers, you will build upon existing knowledge of secure coding best practices to learn about analyzing, mitigating and modeling threats. The session will discuss established threat modeling methodologies and tools and show how they can be applied with other best practices to minimize vulnerabilities and limit damage from attacks.
MSDN Webcast: Dave's Top 10 Ways to Secure Your Web Application - Level 300
February 20, 2004
1:00 PM - 2:30 PM Pacific Time, US & Canada (GMT-8)
David Anthony, Application Architect, Landata Systems Inc.
In this webcast, you will see some practical best practices for writing secure ASP.NET code. The following topics have been used by the author in real world code and will be covered:
· Hash your passwords in the Presentation Tier and where they're stored,
· Use Role Based Authentication
· Use Declarative Security with PrincipalPermissionAttribute and SecurityAction.Demand
· Use Imperative Security with IsInRole
· Roll your own custom Principal
· Wrap possibly unsecure code with Try Finally and make sure to cleanup in the Finally block
· Defeat brute-force attacks with maximum retry counts
· Encrypt sensitive data in .config files and other places with System.Security.Cryptography
· Use Code Access Security to ensure least-privilege in your assemblies
· Use the Framework - DON'T REINVENT THE WHEEL!
--------------------------------------------------------------------------------
George Pulikkathara
Marketing Program Manager, MSDN Webcasts
US Business Marketing Organization
Work: 425-707-6912 Cell: 425-503-6443
Internal team site: http://team/sites/webcast/default.aspx
MSDN Webcasts
Technical webcasts for developers presented by an army of knowledgeable subject matter experts. These free events are live and interactive. Live code demos and attendees asking in depth engaging questions are all part of this live event. To attend a webcast register at http://www.microsoft.com/seminar/events/developer.mspx. Here you'll find MSDN Webcasts, MSDN Architecture Webcasts, and MSDN Support Webcasts. MSDN Architecture Webcasts cover application architectural topics and scenarios, while MSDN Support Webcasts specifically cover developer support issues with troubleshooting, configuring, and break fix topics for Microsoft developer tools and technologies.
Microsoft announces a special week of webcasts addressing the most important and newly emerging security issues surrounding developers. Topics range from corporate security reviews and computer crime to a host of webcasts aimed specifically at developers. These webcasts are designed to help developers write applications that are resistant to security attacks. Webcasts will address a broad range of issues facing developers today: specific coding techniques to make applications inherently more secure, SQL Server considerations, authentication and authorization, Enterprise Security Portals, and protecting your intellectual property with Code Access Security. Tune in as top industry experts walk you through key security concepts that will help your organization -- and the code you write -- rise to the security challenges we all face today.
Registration is limited to 1000 registrations per webcast, so register early for all 12 webcasts. These free webcasts are held live and they are interactive. Webcast attendees can ask questions and get answers from security subject matter experts. These webcasts will be recorded and available for later viewing. These 12 webcasts can also be found on the MSDN Security Developer Center as well.
--------------------------------------------------------------------------------
DAY 1 - Monday, February 16, 2004
MSDN Webcast: .NET Code Access Security - Level 200
February 16, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
Juval Lowy, Software Architect, IDesign
The classic Windows® NT security model is based on what a given user is allowed to do. In today's highly distributed, component-oriented environment, you need a security model based on what a given piece of code, a component, is allowed to do. .NET allows you to configure permissions for components, and provide an evidence to prove that it has the right credentials to access a resource or perform some sensitive work. This webcast shows how to manage application security using the ..NET configuration tool and how to do so programmatically. The web cast will discuss recommendations for custom security policies and time permitting will demonstrate securing and deploying a smart client application today and in Whidbey.
MSDN Webcast: How to Perform a Security Review - Level 200
February 16, 2004
11:00 AM - 12:30 PM Pacific Time, US & Canada (GMT-8)
Hans Westphal, Development Support Consultant, Microsoft
Secure by Design is the first tenant in the Microsoft® TrustWorthy Computer Initiative and one key practice to ensure "Secure by Design" is to perform a code security review. In this webcast we will walk through the steps to perform a security review for .NET framework applications from assembling the team, common problems to look for, some automation tools to help the process, checklists and finally-best practices.
DAY 2 - Tuesday, February 17, 2004
MSDN Webcast: Computer Crime and Security - Level 200
February 17, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
Chuck Connors, Solutions Architect, BORN
The typical misconception is that a hardware firewall will prevent a security breach. In fact, the majority of today's IT security breaches occur through a web application. In this webcast we will discuss the most pervasive methods that hackers use to penetrate systems, where these attacks originate from, how they are accomplished and the financial impact of these breaches. Developers and managers should plan on attending to obtain a clear understanding of the challenges they may face in securing our web applications.
MSDN Webcast: Creating a Single Sign-On Enterprise Security Portal - Level 200
February 17, 2004
1:00 PM - 2:30 PM Pacific Time, US & Canada (GMT-8)
Paul Sheriff, President, PDSA
Most organizations would like to have a single sign on solution for all of their applications. However, many businesses today are made up of internal users and external users that sometimes need access to the same information. In addition, not all users will be on the same domain. This makes creating a single sign on solution difficult. Another issue commonly faced is the management of groups or roles within an organization. While it is an easy task to put Windows users into groups, it is not so easy to manage those set of groups across multiple applications. Some users may be considered a manager within one application, but just a simple user in another. What is really needed is a combination of Windows domain security and Forms Based Authentication for all of your web applications. In this session you will see a working sample of how to put this all together.
DAY 3 - Wednesday, February 18, 2004
MSDN Webcast: Dave's Secure Remoting Chat Application - Level 300
February 18, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
David Anthony, Application Architect, Landata Systems Inc.
Have you ever wondered if those pesky network-savvy individuals that are in possession of packet-sniffing software such as Snort or Ethereal might be eavesdropping on your Instant Messenger (IM) conversations? Of course, even though we all use IM in the workplace, you might not want your chat conversations going out in plain-text over the wire. In this webcast we will write a secure peer-to-peer chat program that cannot be eavesdropped by packet-sniffers. Experienced developers shouldn't miss the discussions covering remoting, encryption, streaming and multi-threading.
MSDN Webcast: Writing Secure Code - Best Practices - Level 300
February 18, 2004
11:00 AM - 12:30 PM Pacific Time, US & Canada (GMT-8)
Joel Semeniuk, VP of Software Development, ImagiNET Resources Corp.
In this webcast for experienced developers, you will learn established best practices for applying security principles throughout the development process. We will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and you will learn effective strategies to defend against those threats.
MSDN Webcast: Protecting Your System From SQL Injection Attacks - Level 200
February 18, 2004
1:00 PM - 2:30 PM Pacific Time, US & Canada (GMT-8)
John Paul Cook, Managing Consultant, Software Architects
SQL injection is one of the most serious threats a database can encounter. When an application is designed without regard for a comprehensive defense, it can provide an attack surface highly vulnerable to hackers skilled in SQL syntax. Once a hacker injects rogue SQL commands through a user interface, not only is the database exposed, but so is the server itself. By following sound design principles demonstrated in this webcast, SQL injection threats can be minimized. Developers shouldn't miss this opportunity to discuss database security with John Paul Cook from Software Architects.
DAY 4 - Thursday, February 19, 2004
MSDN Webcast: Application Hacking Techniques and How to Stop Them - Level 200
February 19, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
Athanassios Vamvakas, Consultant, Microsoft
This webcast will concentrate on how to protect your application by understanding how attacks are conducted. Attendees will discover what actions an attacker will take in order to break the security of an application and how to minimize the cost of a security breach. By acting in a proactive manner developers can ensure that security is maintained even when their applications have been deployed and have been in production for some time.
MSDN Webcast: Protect Your IP with Code Access Security - Level 200
February 19, 2004
1:00 PM - 2:30 PM Pacific Time, US & Canada (GMT-8)
Michele Leroux Bustamante, Associate, IDesign Inc.
.NET reflection facilitates the discovery of type information at runtime, dynamic class loading and method invocation, and the ability to emit new types on the fly. All of this power also raises concerns over the protection of your intellectual property, and how they are used once deployed. This webcast explains code access security for the .NET Framework, and demonstrates what you can and cannot do to secure type access for compiled and dynamically emitted types, with the help of security attributes. Developers shouldn't miss our discussions reviewing system accessibility rules, code access security, and .NET reflection.
DAY 5 - Friday, February 20, 2004
MSDN Webcast: Application Hacking Techniques and How to Stop Them - Level 200
February 20, 2004
9:00 AM - 10:30 AM Pacific Time, US & Canada (GMT-8)
Mark D. Scott, Senior Software Engineer, RDA Corporation
This webcast, designed for experienced developers, exposes the skills and knowledge set required to develop secure applications. The session will explore key security concepts, such as authentication, authorization, cryptography, and network infrastructure. Developers will learn where and how to apply these techniques into their applications in design, construction and application deployment, to assure that data and communications are handled efficiently and securely.
MSDN Webcast: Writing Secure Code - Threat Defense - Level 300
February 20, 2004
11:00 AM - 12:30 PM Pacific Time, US & Canada (GMT-8)
Joel Semeniuk, VP of Software Development, ImagiNET Resources Corp.
In this session for experienced developers, you will build upon existing knowledge of secure coding best practices to learn about analyzing, mitigating and modeling threats. The session will discuss established threat modeling methodologies and tools and show how they can be applied with other best practices to minimize vulnerabilities and limit damage from attacks.
MSDN Webcast: Dave's Top 10 Ways to Secure Your Web Application - Level 300
February 20, 2004
1:00 PM - 2:30 PM Pacific Time, US & Canada (GMT-8)
David Anthony, Application Architect, Landata Systems Inc.
In this webcast, you will see some practical best practices for writing secure ASP.NET code. The following topics have been used by the author in real world code and will be covered:
· Hash your passwords in the Presentation Tier and where they're stored,
· Use Role Based Authentication
· Use Declarative Security with PrincipalPermissionAttribute and SecurityAction.Demand
· Use Imperative Security with IsInRole
· Roll your own custom Principal
· Wrap possibly unsecure code with Try Finally and make sure to cleanup in the Finally block
· Defeat brute-force attacks with maximum retry counts
· Encrypt sensitive data in .config files and other places with System.Security.Cryptography
· Use Code Access Security to ensure least-privilege in your assemblies
· Use the Framework - DON'T REINVENT THE WHEEL!
--------------------------------------------------------------------------------
George Pulikkathara
Marketing Program Manager, MSDN Webcasts
US Business Marketing Organization
Work: 425-707-6912 Cell: 425-503-6443
Internal team site: http://team/sites/webcast/default.aspx
MSDN Webcasts
Technical webcasts for developers presented by an army of knowledgeable subject matter experts. These free events are live and interactive. Live code demos and attendees asking in depth engaging questions are all part of this live event. To attend a webcast register at http://www.microsoft.com/seminar/events/developer.mspx. Here you'll find MSDN Webcasts, MSDN Architecture Webcasts, and MSDN Support Webcasts. MSDN Architecture Webcasts cover application architectural topics and scenarios, while MSDN Support Webcasts specifically cover developer support issues with troubleshooting, configuring, and break fix topics for Microsoft developer tools and technologies.