My blog has moved and can now be found at

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Saturday, March 13, 2004
« (Maxim V. Karpov) - .NET D... | Main | Terminal Server security »

As many of you know, the number one priority at Microsoft these days is security. One of the ways we are implementing this priority is by focusing all the developer training sessions we do in the next couple of months on security. At Dev Days last week, the ASP.NET track was entirely focused on security. We have another day's worth of security training material that folks from our seminar team will be delivering over the next couple of months. (None of this is a repeat of the Dev Days content, although it covers many of the same topics.)

We are using several vehicles to deliver the same content, so let me try to lay out the vehicles and the dates. There are four sessions:

1.         Essentials of Application Security

2.         Writing Security – Best Practice

3.         Writing Security – Threat Defense

4.         Implementing Application Security by using the .NET Framework


Details of all four sessions are here.


There are three vehicles for delivering the developer content: Security Summits, MSDN Security Briefings, and MSDN Seminars.


In my area, there are two security summits: Washington, DC on April 8th and Philly on May 4th. Security Summits have three tracks. Two of the tracks are focused on IT professionals. You can read the details here. The two security summits also have a developer track. This will present all four of the seminars listed above.


We also have six MSDN Security Briefings in my geography: Roanoke, March 16th, Charlottesville, March 18th, Pittsburgh, March 25th, Richmond, May 18th, Norfolk, May 20th, and Allentown, June 1st. Each of these briefings will cover sessions one and two: Essentials of Application Security and Writing Security – Best Practice. Many of these sessions will be taught by local author and all-around .NET expert Andrew Duthie.


Finally, we have six MSDN Seminars here: Fairfax, March 23rd, Philadelphia, March 25th, State College, April 13th, Pittsburgh, April 15th, Norfolk, April 27th, and Richmond, April 29th. Each of these MSDN Seminars will cover sessions three and four: Writing Security – Threat Defense and Implementing Application Security by using the .NET Framework. (The sessions last week in Allentown and Linthicum were also the same content.)


Assuming my feet are functional, I will teach four of these seminars and the sessions in Norfolk and Richmond will be taught by my colleague Paul Murphy. I’m off to Detroit on Thursday of this week to try out the material in Motown.


So if you want to see all four of these application development security sessions, you can either go to one of the two security summits, or you can go to both an MSDN Security Briefing and an MSDN Seminar.

My team members who have already delivered the MSDN Seminar content tell me it’s getting rave reviews. People have literally run out of the seminar to call the office after they learned about vulnerabilities in their sites that they weren’t aware of. Security is different to other kinds of developer training. For anything else that developers do, you can keep making progress until you don’t know how to do something, then you check the documentation. When it comes to security, stuff you don’t know can get your company into trouble and you fired. Unless you do take some training, you literally don’t know what you don’t know.


For info on the IT professional sessions, check here and here.

Thanks Geoff!  Great Info indeed, especially for those out in the Mid-Atlantic Area :-)
Tags:: Security
3/13/2004 8:07 PM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink   
Comments are closed.