Security training alert, Security training alert.
One of my co-workers, Dan Sellers, along with a few MVPs (including Bill Baldasti of Infusion Dev) is going to do a set of web casts focusing on Web Security. Dan is our security guru at MSDN Canada, he received many awards for the best speaker including the one at the last years West Coast Security Forum: http://www.wcsf.com/. Dan is going to focus on Web Security, an initiative we call: Web Security November. The web casts will happen every Wednesday : Same Place (MSDN Canada) and at same time (1:00 – 2:00 PM EST).
The 4 web cast series is below. It has been designed with flow in mind, and we will post all the recordings on our web cast page, so you can catch up in the case you miss one.
November 9th 2005 – Web Security November: Developing Secure ASP .NET Applications – a Hacker’s Approach (ASP.NET Security 1/4)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032282864&Culture=en-CA
Join us as we highlight common techniques that hackers may use to compromise your web application. Once we understand the mindset of the hacker, we will discuss strategies and a series of ASP .NET development best practices that can mitigate these threats
November 16, 2005 - Web Security November: Forms Authentication / Membership and Authorization (ASP.NET Security 2/4)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032282865&Culture=en-CA
ASP.NET 2.0 supports a new membership API. This session will discuss how to create your own custom provider for Active Directory Application Mode as well as the best practices for protecting forms authentication and cookies from spoofing. Password policies and password lockouts will also be demonstrated with the new Membership Provider API. Finally, we also explore the new Role Provider and Authorization features in ASP.NET 2.0
November 23, 2005 - Web Security November: Delegation and Impersonation (ASP.NET Security 3/4)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032282867&Culture=en-CA
This session will discuss how to choose between a trusted subsystem using the Web Application's process identity or impersonation with the caller's identity to access resources. This session will demonstrate how to best configure a trusted subsystem by combining Code Access Security as well as impersonation/delegation. This session will wrap up by examining the two different mechanisms available for encrypting connection strings in the WebConfig.
November 30, 2005 - Web Security November: Practical Security for Internet and Extranet Solutions (ASP.NET Security 4/4)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032282868&Culture=en-CA
This session discusses how to implement security best practices for Internet and extranet solution development. This session will provide security guidance specific to Internet applications including on accessing data across security boundaries, implementing strong authorization and authentication schemes, and integration with public Web services. The session also covers privacy concerns that can arise when dealing with personal information