patterns & practices Security Videos


We did a focused set of security videos with Keith Brown a while back.  The problem is they’re not very findable (most customers I talk to aren’t aware of them).  I added them to soapbox and listed them below to see if it helps (note soapbox may prompt you to log in):


Input and Data Validation Videos



They’re designed to help you get key concepts behind some of our security guidance.   I also wanted to use somebody that was recognized in the field as somebody you could trust.  Keith’s proven himself for a long time in the security community.  He also has the aura of an experienced trainer, which I think comes across in these videos.

Comments (8)

  1. Mike Lucas says:

    It doesn’t help. Despite the fact that I have been watching MSDN webcasts for ages using my passport ID, I am not allowed into the site. Strangely if I try to get added to the registration database I am told that the email address is already in use.

  2. Kris says:

    I think sharing these kinds of videos via Soapbox is silly to say the least. Why don’t you host these on, say, Channel 9 or some place on MSDN? I am not complaining about logging in, but wouldn’t it be nice to find these at one known place rather than strewn all over the net? And least of all I would not want to go to Soapbox from my work place.

  3. J.D. Meier says:

    Kris – They’ve been hosted on channel9 for over a year: http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.InputValidationTrainingModules

    I would like to see them on MSDN.

  4. J.D. Meier says:

    Mike – I’m not sure what the soapbox issue is, but here’s an alternative:

    * Paths, URLs, and Canonicalization: http://mylabs.members.winisp.net/videos/canonicalization.wmv

    * Cookies and Tamper Detection: http://mylabs.members.winisp.net/videos/cookies.wmv

    * Cross Site Scripting: http://mylabs.members.winisp.net/videos/crosssitescripting.wmv

    * Regular Expressions: http://mylabs.members.winisp.net/videos/regex.wmv

    * SQL Injection: http://mylabs.members.winisp.net/videos/sql_injection2.wmv

    * ASP.NET Validation Controls: http://mylabs.members.winisp.net/videos/validation.wmv

  5. Rui Quintino says:

    Just to drop a small note.

    I never see any reference to using Page.IsValid on server postback handlers. It’s mandatory for server validation! So, you don’t have any kind of security without Page.IsValid! In fact I have my doubts that that particular webcast is going to the server for validation as mentioned by Keith.

    I’ve said it before and I will say it again… it’s confusing for developers to have to check this and it should be done by the framework, or there should be a warning of some kind.

    From http://msdn.microsoft.com/msdnmag/issues/05/11/securewebapps/

    "…(just make sure to always enforce server-side validation by calling Page.IsValid)…"
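
The server-side check that comment 5 describes, as an added example (not code from the videos or from patterns & practices): a Web Forms code-behind whose postback handlers test `Page.IsValid` before using the input. The page name `Register.aspx`, the control IDs and the `StoreEmail` helper are hypothetical, and the control fields are assumed to be generated from the markup shown in the comments.

```csharp
// Code-behind for a hypothetical Register.aspx (all names are assumptions).
// The markup declares the controls used below:
//   <asp:TextBox ID="EmailBox" runat="server" />
//   <asp:RequiredFieldValidator runat="server" ControlToValidate="EmailBox"
//        ErrorMessage="E-mail is required." />
//   <asp:RegularExpressionValidator runat="server" ControlToValidate="EmailBox"
//        ValidationExpression="^[^@\s]+@[^@\s]+\.[^@\s]+$"
//        ErrorMessage="Enter a valid e-mail address." />
//   <asp:Button ID="SaveButton" runat="server" Text="Save"
//        OnClick="SaveButton_Click" />
//   <asp:LinkButton ID="QuickSave" runat="server" Text="Quick save"
//        CausesValidation="false" OnClick="QuickSave_Click" />
//   <asp:Label ID="StatusLabel" runat="server" />
using System;
using System.Web;
using System.Web.UI;

public partial class Register : Page
{
    // SaveButton has CausesValidation="true" (the default), so the validators
    // have already run on the server when this handler starts. A failed
    // validator does not cancel the event: the handler has to test IsValid.
    protected void SaveButton_Click(object sender, EventArgs e)
    {
        if (!Page.IsValid) { Reject(); return; }
        StoreEmail(EmailBox.Text);
    }

    // QuickSave sets CausesValidation="false", so nothing has been validated
    // yet and reading IsValid here would throw. Validate() runs the validators.
    protected void QuickSave_Click(object sender, EventArgs e)
    {
        Page.Validate();
        if (!Page.IsValid) { Reject(); return; }
        StoreEmail(EmailBox.Text);
    }

    private void Reject()
    {
        StatusLabel.Text = "Input rejected by server-side validation.";
    }

    // Hypothetical sink standing in for the real data store.
    private void StoreEmail(string email)
    {
        Session["email"] = email;
        StatusLabel.Text = "Saved " + HttpUtility.HtmlEncode(email);
    }
}
```

`RegularExpressionValidator` passes empty input, which is why the markup pairs it with a `RequiredFieldValidator`.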
