On Saturday 26th I presented Defensive Programming 101 at DDD Southwest. As you may or may not be aware, the Developer Developer Developer (DDD) events are free one-day events for the community, by the community. Speakers submit their sessions and the attendees decide which ones they would like to see. The sessions with the most votes make it into the conference.
This was my fourth DDD event as I have been lucky enough to present at DDD Scotland twice and DDD North. This time at DDDSW, I got the pre-lunch slot, so to be fair to the attendees, I usually speed up a bit so that they can get out for lunch a wee bit earlier and skip the queues.
DDD Southwest was very well organised, with plenty of food, good facilities and good technical gear on site. This makes your job when you are presenting a lot easier. They even managed to sort out some amazing weather for the event, and even so there were still in excess of 300 people at the event. My thanks again to the organisers for minding us and making sure we had a great conference experience.
Thanks again to those who made it to my session and, as promised, here is the list from the resources slide (which as always gets skipped at the end because there are way too many links on it).
Resources Slide 1
- URLScan – http://technet.microsoft.com/en-us/security/cc242650
- IIS Configuring security - http://learn.iis.net/page.aspx/88/configuring-security/
- MSCASI tool - http://support.microsoft.com/kb/954476
- IIS Lockdown - http://technet.microsoft.com/en-us/library/dd450372%28WS.10%29.aspx
- AntiXSS Toolkit - http://wpl.codeplex.com/ (included by default in .NET 4.5)
- IIS Security Tools - http://www.iis.net/community/Security
- Advice from SDL - http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx
Resources Slide 2
- Computer Security Vulnerabilities - http://www.security.nnov.ru/
- Top 10 Security Vulnerabilities in .NET Config Files - http://www.devx.com/dotnet/Article/32493/1763/page/1
- 2011 CWE/SANS Top 25 Software Errors - http://cwe.mitre.org/top25/#Brief
- OWASP Top 10 - https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- Troy Hunt – OWASP Top 10 for .NET Devs - http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html
- ASafaWeb - https://asafaweb.com/
As I said in my talk, many thanks to Troy Hunt for his kind permission to use some of the information on the ELMAH configuration errors, which is detailed here