When the enterprise depends on your application, careful attention to
security is essential.
This session provides specific recommendations to follow when developing
secure ASP.NET Web applications and services, and focuses on the details of
configuring IIS for security. Understand how to use authentication,
authorization, threat modeling, configuration settings, and secure
database access.
This session will help you to create secure systems, and learn common
coding techniques for storing secrets, error handling, data validation, and
code access security.
Patrick Hynds, Security Editor of .NET Developer's Journal, writes: Every
year at Tech·Ed I make it a point to attend the opening keynote which is
often delivered by Steve Ballmer. This year Steve came out very hopeful and
predicted that we are on the upswing of the IT cycle; while he is often
upbeat, he argued his case well.
He said things like "Exciting time" and "Innovations like never before."
Also, as I have come to expect from Steve, he covered a wide range of topics
that mapped closely with the products that MS is most motivated to see
increase their market share. This list... (more)
Information Storage & Security Journal Co-Editor-in-Chief Patrick Hynds
writes: The U.S. Department of Homeland Security is performing a readiness
test this month called Cyber Storm, after rescheduling. The Cyber Storm
exercise is about ensuring and testing against a computer-based attack or
hack against public infrastructure targets as well as some parts of the
private sector. This has caused some (on Slashdot.org for example) to decry
it as idiocy that will only "break the Internet". These are likely the same
people who would apportion blame if an attack came and we found oursel... (more)
In the early days of networked applications, application security was as
simple as running programs on a "hardened box" behind a firewall. As general
developer security IQ improved, we learned to write safer code, code that
checked identities and principals, code that filtered user input.
Most hacker activity was targeted at getting network access anyway, so
security was thought of more as the network and database administrator's
domain and not really the developer's responsibility. However, things have
changed.
The FBI estimates that 70% to 80% of attacks aren't going after the ... (more)
Storage always seems to come first in technical discussions and security
seems to be the perennial afterthought. This can be considered reasonable
given how we shop for things in general, namely finding the thing that meets
our expectations and then ensuring it has all the bells and whistles. The good
news is that this seems to be changing bit by bit as our industry realizes
that security is no longer a nice-to-have feature, but is actually a core
requirement. This movement was brought into focus recently when Patrick was
involved in a meeting with Senator John Sununu of New Hampsh... (more)