Dan Sellers's WebLog
A Passion for .NET Security
My last Day at Microsoft
Today is my last day at Microsoft. I wanted to thank everyone for joining me in my Security talks...
Date: 10/18/2006
Security Myth: Only Large Development Teams can Write Secure Code
I would recommend that you share this post on the https://blogs.msdn.com/S4CD with anyone that...
Date: 09/20/2006
IIS 6.0 and ASP.NET 2.0 Credentials--Part Two
The ASP.NET User Principal (HTTPContext.User) clearly depends upon the Authentication Mechanism that...
Date: 08/25/2006
IIS 6.0 and ASP.NET 2.0 Credentials
The one area that many developers do not have good grasp at is how Authentication tokens from IIS...
Date: 08/24/2006
New Security Blog dedicated to Canadian Developers
Wow, it has been a while since I did my last blog post. It may look like I disappeared but I am...
Date: 08/23/2006
Regulatory Compliance: An Introduction to Compliance for Developers
With the ever increasing regulatory requirements for organizations, many of the applications we...
Date: 03/27/2006
SQL Server 2005 Security for Developers Webcast for on-demand viewing is available
The on-demand Webcast of SQL Server 2005 for Developers, conducted on March 22, 2006, by Rob...
Date: 03/24/2006
"Atlas" March CTP with Go Live license, now available
At MIX06, it was announced that the "Atlas" March CTP is now available and it has a Go Live license...
Date: 03/22/2006
Regenerating Keys in SQL Server 2005
In my latest Webcast on SQL Server 2005 Security one of the questions that came up was: “If some...
Date: 03/22/2006
Post Webcast’s Notes: Securing SQL Server 2005 for Developers
This morning was a jammed filled session covering off a lot of changes made to Microsoft SQL Server...
Date: 03/22/2006
realDEVELOPMENT_06 tour is Coming!
Earlier this week, MSDN Canada announced the realDEVELOPMENT_06 tour. realDEVELOPMENT_06 will...
Date: 03/22/2006
IOSEC and Anti-Cross Site Scripting Tool
Recently, Microsoft released the latest update to Anti-Cross Site Scripting tool which is part of a...
Date: 03/19/2006
Code Scanning Tools' WebCast for on-demand viewing is available
The on-demand version of the Visual Studio 2005 and Code Scanning Tools, conducted on March 15,...
Date: 03/16/2006
Team Foundation Server Ships Tomorrow
You may not have heard it here first, but Rick LaPlante announced today, at SDWest 2006, that...
Date: 03/16/2006
The New Beta Experience: This is really cool!!!
The Beta Experience is the new testing platform with tailor-made information for Microsoft...
Date: 03/15/2006
Speaking at VSLive and 10% Discount for VSLive Registration
This year I will be speaking at VSLive in Toronto. VSLive will be held at the Toronto Congress...
Date: 03/15/2006
Making Your Application a Windows Vista Application: The Top Ten Things to Do
Back in December 2005 Microsoft created a series on the top ten things to do to make your...
Date: 03/14/2006
Ops!!! SecurePasswordTextBox Update now Available
After last week WebCast--in which I talked about the new System.Security.SecureString class as well...
Date: 03/14/2006
ASP.NET 2.0 and the new HTTP-only property
To minimize the threat of Cross Site scripting attacks ASP.NET 1.1 introduced the...
Date: 03/13/2006
Least Privilege Development in Microsoft Windows Vista
In my last Webcast on Least Privilege I eluded to the fact that this was going to change with the...
Date: 03/10/2006
Thoughts on Security Analogies
I thought I would share Michael Howard's recent blog on "Security Analogies are Wrong". I agree with...
Date: 03/10/2006
On Demand WebCast: Least Privilege Development and New System.Security Features
The latest Webcast "Least Privilege Development and New System.Security Features" which is part two...
Date: 03/10/2006
Microsoft Threat Analysis & Modeling tool v 2.0 (Beta 2)
Today Microsoft released Beta 2 of the second version of the Threat Modeling and Analysis Tool for...
Date: 03/10/2006
Answer to the Trivial Question
The answer to the trivial question from my blog based upon the March 8, 2006 WebCasts “Least...
Date: 03/09/2006
Developing as Non Admin with Admin Access on a Server
Here is another cool trick for running under Non Admin that was shared to me be by Aaron and works...
Date: 03/09/2006
WebCast's Notes: Least Privilege and New System.Security Features
In today’s Webcast we first started off with a continuation from last week. Last week we explored...
Date: 03/08/2006
Microsoft Updated Anti-XSS Tool
In a recent post I mentioned that Microsoft released a new Anti-Cross Site Scripting Tool. However,...
Date: 03/07/2006
Input Validation in ASP.NET? Bug or Not?
Recently I was pinged by a colleague in the security field and he asked me a question on why the...
Date: 03/07/2006
Partial Trust Development WebCast's Recording is now available for on-demand viewing
Last Wednesday--March 1, 2006--I delivered part one of my five part WebCasts' series on the new...
Date: 03/06/2006
Least User Priviledge WhitePaper Released
This Wednesday--March 8, 2006--I will be doing part two of my part 5 Webcasts on some of the tools...
Date: 03/06/2006
Plumbers@Work Episode #4 is now recorded and available
Our forth episode #4 of plumbers at work is now online for listening pleasure. Show Notes...
Date: 03/06/2006
Microsoft Security Initiatives--Objective Point of View
I have come to know and respect Dana Epp for over 3 years now. The one thing I can say about Dana is...
Date: 03/03/2006
Regular Expression: The Theory behind it!
When it comes to validating input regular expression becomes a very important part of your security...
Date: 03/03/2006
WebCast NOTES: Partial Trust Development with Visual Studio 2005
On Wednesday March 1, 2006 I conducted part one of a five part series titled “Security on the...
Date: 03/02/2006
ASP.NET 2.0 Security Training Modules and Videos!!!
The ASP.NET 2.0 and security team has released excellent training modules on APS.NET 2.0 security,...
Date: 02/27/2006
Cool ASP.NET 2.0 RSS Toolkit Released!
I just finished creating a web site that receives RSS feeds by using the ASP.NET 2.0 toolkit created...
Date: 02/27/2006
The Code Room: BREAKING INTO VEGAS!
The Code Room is online ½ hour TV show focusing on developers and the programming challenges that...
Date: 02/26/2006
Microsoft Release new Anti-XSS tool
Microsoft just released a new Anti-XSS tool that works with .NET Framework 1.0, 1.1 and 2.0. Anytime...
Date: 02/23/2006
SECURITY ON THE BRAIN Webcast Series
Wow! We currently have 1800 people registered for Security on the Brain Webcasts. There is still...
Date: 02/23/2006
RSA 2006: Secure Software is up to Business
One of the themes discussed at RSA 2006 was Secure Software. Secure software is up to businesses and...
Date: 02/23/2006
Windows Vista and WinFX February CTP just released!
The February CTP for Windows Vista, Windows SDK (and WinFX) and Orcas technologies such as Cider...
Date: 02/23/2006
Snippy—a cool UI tool for building Code Snippets
As I mentioned in my last blog entry I think Code Snippets is one my favorite features in Visual...
Date: 02/22/2006
New C# Code Snippets for Visual Studio 2005
I would have to rank Code Snippets as one of my favorite features added to Visual Studio 2005. But...
Date: 02/22/2006
MSDN Forums Integrated with Visual Studio 2005
If you have been using Visual Studio 2005 at least once you will have probably noticed that the...
Date: 02/22/2006
Where are the Security Configuration Tools in .NET Fx 2.0?
When I recently installed only the v2.0 .NET redist package, I noticed that the .NET Configuration...
Date: 02/22/2006
DACL guidance to writing Services
If you are writing Services for Windows then you need to read the just released Microsoft Knowledge...
Date: 02/22/2006
ASP.NET How Do I Video Series
The ASP.NET team created some high quality video series on ASP.NET 2.0 – the How Do I video series....
Date: 02/21/2006
Web-Security v1.1 is now a Standard
The OASIS group has officially approved WS-Security v1.1 as a standard. Check out the official...
Date: 02/19/2006
Data Validation—Deny-list or Approve-list approach?
I think by now we all know that all data input from a Web UI should be considered evil until...
Date: 02/16/2006