realDEVELOPMENT_06 tour is Coming!

Earlier this week, MSDN Canada announced the realDEVELOPMENT_06 tour. realDEVELOPMENT_06 will feature two sets of sessions; one entitled, “Web Platform” and the other entitled, “Security on the Brain”. The Web Platform Sessions will feature talks on technologies that fall into the Web 2.0 camp. Specifically, we’ll examine Windows Live and ASP.NET “Atlas”. The Security on…

IOSEC and Anti-Cross Site Scripting Tool

Recently, Microsoft released the latest update to Anti-Cross Site Scripting tool which is part of a bigger plan known as the Microsoft IOSEC—an internal library.    The IOSEC library currently implements encoding protection against XSS attacks conducted through vectors such as HTML, URLs, JavaScript, HtmlAttributes and Visual Basic Script.  The Anti-Cross Site Scripting Library currently…

Code Scanning Tools’ WebCast for on-demand viewing is available

The on-demand version of the Visual Studio 2005 and Code Scanning Tools, conducted on March 15, 2006,by Kevin Lam and I, is now available for on-demand viewing. Look forward to seeing everyone for next week webcast.

Team Foundation Server Ships Tomorrow

You may not have heard it here first, but Rick LaPlante announced today, at SDWest 2006, that Microsoft is releasing Visual Studio 2005 Team Foundation Server tomorrow—March 17, 2006.  This was reported in Rob Carron’s blog.  Team Foundation Server should be available for download on MSDN within 3 – 5 days.


The New Beta Experience: This is really cool!!!

The Beta Experience is the new testing platform with tailor-made information for Microsoft developers. By registering to the Beta Experience you will be provided with the opportunity to download or order the latest Beta versions of Microsoft software for testing and the Beta Experience newsletter (6-weekly, terminated with the launch of the final version of the software)…

Speaking at VSLive and 10% Discount for VSLive Registration

This year I will be speaking at VSLive in Toronto.  VSLive will be held at the Toronto Congress Centre from April 24-27, 2006.  I will be doing one of my favorite talks on the last day of the event titled: “Developing Advanced Custom Providers for ASP.NET 2.0 Membership & Role Management” as part of the…

Webcast’s Post Notes: Visual Studio 2005 and Code Scanning Tools

In today’s webcast we had the opportunity to explore the buffer overrun attack in depth which is considered one of the worst vulnerabilities that exist.  Any code that is written in C or C++ –without proper security code reviews–on any platform is susceptible to buffer overrun.  It is becoming easier and easier to create shell…


Making Your Application a Windows Vista Application: The Top Ten Things to Do

Back in December 2005 Microsoft created a series on the top ten things to do to make your Applications a Vista Application.  The original article can be seen here!  Since then there has been additional articles with the latest one being released this month on application compatibility: The Windows Vista Developer Story: Search and Organize…


Ops!!! SecurePasswordTextBox Update now Available

After last week WebCast–in which I talked about the new System.Security.SecureString class as well as the cool SecurePasswordTextBox that Paul Glavs wrote–he experienced an sudden increase in downloads.  You can read about it here! Recently, Paul has updated his tool and can now be downloaded.  Great tool and thanks for sharing it with everyone Paul!

ASP.NET 2.0 and the new HTTP-only property

To minimize the threat of Cross Site scripting attacks ASP.NET 1.1 introduced the ValidateRequest=”true” on the @ Pages element.  Recently, Microsoft improved the HttpUtility.HtmlEncode with the new Anti-XSS tool.  But another subtle and equally important addition in ASP.NET 2.0 is the HTTP-only option.  HTTP-only is a flag that you can append to cookies and helps…