Dan Sellers's WebLog

A Passion for .NET Security

My last Day at Microsoft

Today is my last day at Microsoft. I wanted to thank everyone for joining me in my Security talks...

Date: 10/18/2006

Security Myth: Only Large Development Teams can Write Secure Code

I would recommend that you share this post on the https://blogs.msdn.com/S4CD with anyone that...

Date: 09/20/2006

IIS 6.0 and ASP.NET 2.0 Credentials--Part Two

The ASP.NET User Principal (HTTPContext.User) clearly depends upon the Authentication Mechanism that...

Date: 08/25/2006

IIS 6.0 and ASP.NET 2.0 Credentials

The one area that many developers do not have a good grasp of is how Authentication tokens from IIS...

Date: 08/24/2006

New Security Blog dedicated to Canadian Developers

Wow, it has been a while since I did my last blog post. It may look like I disappeared but I am...

Date: 08/23/2006

Regulatory Compliance: An Introduction to Compliance for Developers

With the ever increasing regulatory requirements for organizations, many of the applications we...

Date: 03/27/2006

SQL Server 2005 Security for Developers Webcast for on-demand viewing is available

The on-demand Webcast of SQL Server 2005 for Developers, conducted on March 22, 2006, by Rob...

Date: 03/24/2006

"Atlas" March CTP with Go Live license, now available

At MIX06, it was announced that the "Atlas" March CTP is now available and it has a Go Live license...

Date: 03/22/2006

Regenerating Keys in SQL Server 2005

In my latest Webcast on SQL Server 2005 Security one of the questions that came up was: “If some...

Date: 03/22/2006

Post Webcast’s Notes: Securing SQL Server 2005 for Developers

This morning was a jam-packed session covering off a lot of changes made to Microsoft SQL Server...

Date: 03/22/2006

realDEVELOPMENT_06 tour is Coming!

Earlier this week, MSDN Canada announced the realDEVELOPMENT_06 tour. realDEVELOPMENT_06 will...

Date: 03/22/2006

IOSEC and Anti-Cross Site Scripting Tool

Recently, Microsoft released the latest update to Anti-Cross Site Scripting tool which is part of a...

Date: 03/19/2006

Code Scanning Tools' WebCast for on-demand viewing is available

The on-demand version of the Visual Studio 2005 and Code Scanning Tools, conducted on March 15,...

Date: 03/16/2006

Team Foundation Server Ships Tomorrow

You may not have heard it here first, but Rick LaPlante announced today, at SDWest 2006, that...

Date: 03/16/2006

The New Beta Experience: This is really cool!!!

The Beta Experience is the new testing platform with tailor-made information for Microsoft...

Date: 03/15/2006

Speaking at VSLive and 10% Discount for VSLive Registration

This year I will be speaking at VSLive in Toronto. VSLive will be held at the Toronto Congress...

Date: 03/15/2006

Making Your Application a Windows Vista Application: The Top Ten Things to Do

Back in December 2005 Microsoft created a series on the top ten things to do to make your...

Date: 03/14/2006

Oops!!! SecurePasswordTextBox Update now Available

After last week's WebCast--in which I talked about the new System.Security.SecureString class as well...

Date: 03/14/2006

ASP.NET 2.0 and the new HTTP-only property

To minimize the threat of Cross Site scripting attacks ASP.NET 1.1 introduced the...

Date: 03/13/2006

Least Privilege Development in Microsoft Windows Vista

In my last Webcast on Least Privilege I alluded to the fact that this was going to change with the...

Date: 03/10/2006

Thoughts on Security Analogies

I thought I would share Michael Howard's recent blog on "Security Analogies are Wrong". I agree with...

Date: 03/10/2006

On Demand WebCast: Least Privilege Development and New System.Security Features

The latest Webcast "Least Privilege Development and New System.Security Features" which is part two...

Date: 03/10/2006

Microsoft Threat Analysis & Modeling tool v 2.0 (Beta 2)

Today Microsoft released Beta 2 of the second version of the Threat Modeling and Analysis Tool for...

Date: 03/10/2006

Answer to the Trivial Question

The answer to the trivial question from my blog based upon the March 8, 2006 WebCasts “Least...

Date: 03/09/2006

Developing as Non Admin with Admin Access on a Server

Here is another cool trick for running under Non Admin that was shared with me by Aaron and works...

Date: 03/09/2006

WebCast's Notes: Least Privilege and New System.Security Features

In today’s Webcast we first started off with a continuation from last week. Last week we explored...

Date: 03/08/2006

Microsoft Updated Anti-XSS Tool

In a recent post I mentioned that Microsoft released a new Anti-Cross Site Scripting Tool. However,...

Date: 03/07/2006

Input Validation in ASP.NET? Bug or Not?

Recently I was pinged by a colleague in the security field and he asked me a question on why the...

Date: 03/07/2006

Partial Trust Development WebCast's Recording is now available for on-demand viewing

Last Wednesday--March 1, 2006--I delivered part one of my five part WebCasts' series on the new...

Date: 03/06/2006

Least User Privilege WhitePaper Released

This Wednesday--March 8, 2006--I will be doing part two of my five-part Webcasts on some of the tools...

Date: 03/06/2006

Plumbers@Work Episode #4 is now recorded and available

Our fourth episode of Plumbers@Work is now online for your listening pleasure. Show Notes...

Date: 03/06/2006

Microsoft Security Initiatives--Objective Point of View

I have come to know and respect Dana Epp for over 3 years now. The one thing I can say about Dana is...

Date: 03/03/2006

Regular Expression: The Theory behind it!

When it comes to validating input, regular expressions become a very important part of your security...

Date: 03/03/2006

WebCast NOTES: Partial Trust Development with Visual Studio 2005

On Wednesday March 1, 2006 I conducted part one of a five part series titled “Security on the...

Date: 03/02/2006

ASP.NET 2.0 Security Training Modules and Videos!!!

The ASP.NET 2.0 and security team has released excellent training modules on ASP.NET 2.0 security,...

Date: 02/27/2006

Cool ASP.NET 2.0 RSS Toolkit Released!

I just finished creating a web site that receives RSS feeds by using the ASP.NET 2.0 toolkit created...

Date: 02/27/2006

The Code Room: BREAKING INTO VEGAS!

The Code Room is an online ½ hour TV show focusing on developers and the programming challenges that...

Date: 02/26/2006

Microsoft Releases New Anti-XSS Tool

Microsoft just released a new Anti-XSS tool that works with .NET Framework 1.0, 1.1 and 2.0. Anytime...

Date: 02/23/2006

SECURITY ON THE BRAIN Webcast Series

Wow! We currently have 1800 people registered for Security on the Brain Webcasts. There is still...

Date: 02/23/2006

RSA 2006: Secure Software is up to Business

One of the themes discussed at RSA 2006 was Secure Software. Secure software is up to businesses and...

Date: 02/23/2006

Windows Vista and WinFX February CTP just released!

The February CTP for Windows Vista, Windows SDK (and WinFX) and Orcas technologies such as Cider...

Date: 02/23/2006

Snippy—a cool UI tool for building Code Snippets

As I mentioned in my last blog entry I think Code Snippets is one of my favorite features in Visual...

Date: 02/22/2006

New C# Code Snippets for Visual Studio 2005

I would have to rank Code Snippets as one of my favorite features added to Visual Studio 2005. But...

Date: 02/22/2006

MSDN Forums Integrated with Visual Studio 2005

If you have been using Visual Studio 2005 at least once you will have probably noticed that the...

Date: 02/22/2006

Where are the Security Configuration Tools in .NET Fx 2.0?

When I recently installed only the v2.0 .NET redist package, I noticed that the .NET Configuration...

Date: 02/22/2006

DACL guidance to writing Services

If you are writing Services for Windows then you need to read the just released Microsoft Knowledge...

Date: 02/22/2006

ASP.NET How Do I Video Series

The ASP.NET team created some high quality video series on ASP.NET 2.0 – the How Do I video series....

Date: 02/21/2006

Web-Security v1.1 is now a Standard

The OASIS group has officially approved WS-Security v1.1 as a standard. Check out the official...

Date: 02/19/2006

Data Validation—Deny-list or Approve-list approach?

I think by now we all know that all data input from a Web UI should be considered evil until...

Date: 02/16/2006
