Attend this webcast to discover one of the most overlooked security features of Microsoft ASP.NET, code access security (CAS). By default, your applications have access to powerful functionality, like calling out to arbitrary unmanaged code, accessing code in other application domains, and accessing every feature of the Microsoft .NET Framework. Join us to see how you can use CAS to disable dangerous APIs, or restrict them to only the features you need. We illustrate how this dramatically reduces the attack surface and enables you to use the principle of least privilege and defense-in-depth design. Also, learn about the dangers of running in full trust and get an introduction to partial trust, its configuration, and its extensibility. In this session, we explore common scenarios for using CAS to show you how it is possible to write feature-rich applications while running in a secure sandbox.
Presenter:
Dominick Baier, Microsoft MVP, Least Privilege
Dominick Baier leads the security curriculum at DevelopMentor, where he teaches and authors courses on security for the Microsoft .NET Framework, ASP.NET, and the Windows Vista operating system. He holds a degree in computer science, is a certified lead auditor for the BS 7799/ISO 17799 information security standards , and speaks at various conferences worldwide about application security. A Visual Developer - Security Microsoft Most Valuable Professional (MVP), Dominick is writing a book about ASP.NET security for Microsoft Press. Dominick publishes security-related resources, conference presentations, and tools/sample code on his blog at www.leastprivilege.com. <<link www.leastprivilege.com to http://www.leastprivilege.com/>>
To avoid
possible problems, we suggest you temporarily
disable pop-up blocker software before viewing the
webcast.
