Writing Secure Code - Best Practices

My first Microsoft webcast went pretty good.  I decided to ask Mike D to help me answer questions during the presentation.  We thought it would add a nice interactive dimension throughout the presentation – I could focus on the presentation and the demos (one went boom – still don’t know why) – and he could answer the many (wow there were lots) questions submitted by attendees.   I’m going to post the slides and demo files on www.dotnetwired.com in a public document repository (meaning that you won’t need to be a member of the site to gain access to the files).  I’ll add a blog entry when I get that done – which I would expect would be this weekend.

Many thanks to Mike for helping out (as he always does).  Time to get ready for Friday’s webcast on Threat Mitigation techniques.

3 Comments

  • "...as he always does."



    Yeah right. I HAD to help you out, otherwise you wouldn't stop giving me grief for jamming out of the Winnipeg .NET User Group meeting last week!



    ;)



    It was fun.

  • Hi Joel,

    I thought your seminar was really useful and it gave me a lot to chew over. One of the main things that I liked was the concept of developing on ASP.NET with non-admin user privileges.

    However I noticed one thing, which I find, is a general issue with concept of development with least privilege. You still need to run certain apps in admin mode.

    In large organizations, typically, you are given one user id and that's it. Nobody would part with admin user ids to non network admin people. So if your user id has low privileges and you don’t have an admin user id to use then you’re stuck :)

    I currently develop on Win 2K Professional with VS.NET 2002 (Yeah I know its "old" but that’s what our company standardized on).

    Is there anyway to manage the IIS web server without using runas? How would you deal with such a situation?

  • Hello. I enjoyed your webcast, Writing Secure Code. I am trying to download the demos from www.dotnetwired.com I checked the download link but was not allowed access. Could you please advice what I am suppose to do?



    Thank you,

    Le

    thumb90@hotmail.com

Comments have been disabled for this content.