Dan Maharry

Writing about web development since 1997

This Is Evie

So our plan for world domination and propagation of our surname has come to pass. This is our new daughter, Evie. Say hello, Evie...


Review: Beginning ASP.NET Security

We all want our websites to be secure. We always think this when we start to write one. And then, after we've implemented some 90% of it, we start to wonder whether or not anything we've written is actually as secure as a very secure vault based on the moon or as secure as the drunk in the pub with informational diarrhoea. And, having decided the latter, we make a hasty attempt to obfuscate our code, prevent injection attacks, maybe encrypt a few things and generally make ourselves feel better about it, not knowing how well we've covered our backs, if at all.

Developing secure applications, be they desktop- or web-based, requires us to do two things:

  • Be aware of potential vulnerabilities in our code
  • Account for these security issues, and work to prevent them, throughout development.

Now Beginning ASP.NET Security can't make you change your development process, but what it does do with aplomb is bring you up to speed with common potential vulnerabilities to your website, best practices to avoid them and, where applicable, how to keep up to date with new developments.

With sixteen chapters covering basic page-coding, common ASP.NET framework tasks, and finally tasks out in IIS and .NET as a whole, the book is concise, clearly written, and, most importantly, emphasizes that coding securely isn't as hard or as time-consuming as you might otherwise have thought. On the other hand, it will also highlight the number of flaws in your previous sites you didn't even realise were there. You might subtitle this book "Or Why I Learned To Stop Worrying And Get On With Plugging My Security Holes."

As a former stalwart speaker on security around UK user groups, and now newly resident in Seattle working for the MS Information Security team, Barry Dorrans has been passing his security knowledge on to us Brits for ages, and it shows. Each chapter is written around an individual security problem you'll most likely need to attend to before releasing your website live. The crux of the problem is described and, where possible / legal, examples are given of how it can be exploited, before solutions are given, often as easy-to-reuse code or instructions you can implement in your own projects. To his credit, it's only in the chapter on hashing and encryption that readers may well get bogged down in the theory of it all, but then again, it's the chapter on hashing and encryption, so a fair amount of that should be expected, and there's perhaps more plain English here than other attempts have managed.

All in all, Beginning ASP.NET Security is a great book to have in your reference library. It's confidence-boosting because whatever security measures you may have put in place before will be verified (or corrected) in its pages, and those you didn't already know about soon will be in place - another good set of pro-points to put forward to potential clients during that all-important pitch. There are niggles, sure, but they are slowly being addressed as Barry releases errata notes on his blog.

Final score 8/10 - well worth the money.


Silverlight Masterclass UK (and how to win a place on it)

The Silverlight Tour comes to the UK – and it’s called the Masterclass!

This 3 day hands-on training with both designer and developer tracks looks awesome and (uniquely) has two expert trainers per course.

Currently scheduled in London, Manchester, and the Midlands for June, all courses also come with the chance to win an Xbox 360 and Silverlight Spy licences!

Early bird discount of £100 if you book in May, and if you are a member of #SLUGUK or #nxtgenug there are additional discounts to be had.

Full details are here: http://silverlightmasterclass.net

In addition, bbits are holding a raffle for a free ticket for the masterclass. To be eligible to win the ticket (worth £1095!) you MUST paste this text, including all links, into your blog and email Ian@bbits.co.uk with the URL to the blog entry. The draw will be made on June 1st and the winner informed by email and on http://silverlightmasterclass.net