42 minutes read

Windows Azure Pack Authentication Part 3 – Using a Third Party IdP

In the previous installments of this series we looked at how Windows Azure Pack authenticates users and how it’s configured out of the box for federation. This time around we’re going to look at how you can configure federation with a third party IdP. Microsoft designed Windows Azure Pack the right way. It supports federation with industry protocols out of the box. You can’t say that for many services, and you certainly can’t say that those services support it natively for all versions – more often than not you have to pay extra for it. Windows Azure Pack supports federation,…

15 minutes read

Part 5: Incident Response Management with Team Foundation Server

Over on the Canadian Solution Developer’s blog I have a series on the basics of writing secure applications. It’s a bit of an introduction to all the things we should know in order to write software that doesn’t contain too many vulnerabilities. This is part five of the series, unedited for all to enjoy. There are only a few certainties in life: death, taxes, me getting this post in late, and one of your applications getting attacked. Throughout the lifetime of an application it will undergo a barrage of attacks – especially if it’s public-facing. If you followed the…

22 minutes read

Part 4: Secure Architecture

Over on the Canadian Solution Developer’s blog I have a series on the basics of writing secure applications. It’s a bit of an introduction to all the things we should know in order to write software that doesn’t contain too many vulnerabilities. This is part four of the series, unedited for all to enjoy. Before you start to build an application you need to start with a design of it.  In the last article I stated that bugs that are introduced at this stage of the process are the most expensive to fix throughout the lifetime of the project.  It…

26 minutes read

Part 2: Vulnerability Deep Dive

Over on the Canadian Solution Developer’s blog I have a series on the basics of writing secure applications. It’s a bit of an introduction to all the things we should know in order to write software that doesn’t contain too many vulnerabilities. This is part two of the series, unedited for all to enjoy. Know your enemy. In the previous post I stated that knowledge is key to writing secure code: Perhaps the most important aspect of the SDL is that it’s important to have a good foundation of knowledge of security vulnerabilities. In order to truly protect our applications…

10 minutes read

Part 1: Development Security Basics

Over on the Canadian Solution Developer’s blog I have a series on the basics of writing secure applications. It’s a bit of an introduction to all the things we should know in order to write software that doesn’t contain too many vulnerabilities.  This is part one of the series, unedited for all to enjoy. Every year or so a Software Security Advocacy group creates a top 10 list of the security flaws developers introduce into their software.  This is something I affectionately refer to as the stupid things we do when building applications list.  The group is OWASP (Open Web…

1 minute read

Talking about Security Article Series

Over on the Canadian Solution Developer’s blog I have a series on the basics of writing secure applications.  It’s a bit of an introduction to all the things we should know in order to write software that doesn’t contain too many vulnerabilities. Obviously it’s not a series on everything you need to know about security, but hopefully it’s a starting point.  My goal is to get people to at least start talking about security in their applications. This is the series: Part 1: Development Security Basics Part 2: Vulnerability Deep Dive Part 3: Secure Design and Analysis in Visual Studio…

2 minutes read

Visual Studio TFS Lab Management

One of my ongoing projects is to dive deeply into Visual Studio Team Foundation Server 2010.  TFS is pretty easy to get up and running, but as you get into some of the advanced features like Build Services and Lab Management, it gets kind of tricky.  Luckily there’s a fair bit of guidance from our favorite blue badged company. On the Lab Management Team Blog there is a 4 part walkthrough on Getting Started with Lab Manager in TFS.  Since they are using the RC build of TFS, the walkthrough was pretty spot on to the RTM build.  Here is…

4 minutes read

AntiXss vs HttpUtility – So What?

Earlier today, Cory Fowler suggested I write up a post discussing the differences between the AntiXss library and the methods found in HttpUtility and how it helps defend against cross-site scripting (XSS). As I was thinking about what to write, it occurred to me that I really had no idea how it did what it did, and why it differed from HttpUtility. <side-track>I’m kinda wondering how many other people out there run into the same thing? We are told to use some technology because it does xyz better than abc, but when it comes right down to it,…

Less than a minute read

WinFS

WinFS has been puttering around my idle thoughts lately.  Yep, weird. Why is it still available on MSDN and TechNet subscriptions? Food for thought.

3 minutes read

Visual Studio Step Up Promotion…The Headache

A few months ago some friends of mine at Microsoft told me about a step-up promotion that was going on for the release of Visual Studio 2010.  If you purchased a license for Visual Studio 2008 through Volume Licensing, it would translate into the next version up for the 2010 version.  Seems fairly straightforward but here is the actual process: So we upgraded our licenses to benefit from the step up.  Problem was, we couldn’t access any of the applications we were licensed to use (after RTM, obviously).  After a week or so of back and forth with Microsoft we…