Here you’ll find videos that explore a variety of security questions for developers, including encryption, handling attacks, security best practices, and a lot more. New videos are added regularly, so check back often. http://msdn2.microsoft.com/security/bb896640.aspxx en-US Tue, 19 May 2009 10:43:37 -0800 Tue, 25 Mar 2008 15:21:34 -0700 1440 FeedForAll v2.0 (2.0.2.9) http://www.feedforall.com This video will show you how to modify the default work items that are included in the SDL Process Template. We will cover how to modify the default work items that are created in your new SDL Process Template team project. We will also review how to modify the default work item types - such as Task or Bug. The Microsoft SDL Process Template for Visual Studio Team System was created to ease adoption of the SDL by automatically integrating the policy, process and tools of the Security Development Lifecycle v4.1 into Visual Studio Team System 2008. http://msdn2.microsoft.com/security/dd867638.aspx 9AB6E68K-B3F4-483E-C017-7A2FC399738E Tue, 19 May 2009 15:20:45 -0700 This video will show you how to use the SDL Process Template document templates and security metrics reporting. The built in SDL document templates will help you jump start your use of the Microsoft SDL. The reporting will allow you to improve your visibility into the key security risks for your application and the progress your team is making toward their security goals. The Microsoft SDL Process Template for Visual Studio Team System was created to ease adoption of the SDL by automatically integrating the policy, process and tools of the Security Development Lifecycle v4.1 into Visual Studio Team System 2008. http://msdn2.microsoft.com/security/dd867639.aspx 9AB6E67G-B3F4-483E-C017-7A2FC399738E Tue, 19 May 2009 15:20:45 -0700 In this video we will first show you how to install the SDL Process Template. Then we will walk you through how to begin using it in your new project. The Microsoft SDL Process Template for Visual Studio Team System was created to ease adoption of the SDL by automatically integrating the policy, process and tools of the Security Development Lifecycle v4.1 into Visual Studio Team System 2008. http://msdn2.microsoft.com/security/dd819921.aspx 9AB6E67A-B3F4-483D-C017-7A2FC399738E Tue, 19 May 2009 15:20:45 -0700 In this video we will introduce you to the SDL Process Template check-in policies and then show you how to enable the check-in policies for yourself and your team. Finally, we will demonstrate the check-in policies in action as well as how you can be alerted when someone overrides a check-in policy. http://msdn2.microsoft.com/security/dd819920.aspx 9AB6E67A-B3F4-483D-C017-7A2FC399738A Tue, 19 May 2009 15:20:45 -0700 This How-Do-I video shows you how to use neXpert, an add-on to Fiddler, which automates the classic performance best practice checks and produces a HTML report on the issues found in a Fiddler capture. neXpert adds the ability to insert step markers in Fiddler sessions to associate network objects together (create transactions). Using these steps, neXpert looks for performance issues and generates a HTML report based on the findings. http://msdn2.microsoft.com/security/dd573302.aspx 9AB6E67A-B3F4-483F-C017-7A2FC399738A Sun, 22 Feb 2009 15:20:45 -0700 As you know, if you use .NET Framework, you can already develop in Azure. That's great news as you can apply these techniques to your cloud app. Join Katheryn Baker as she explains the basics of the integrated security model, Code Access Security, in the .Net Framework. Learn more about how Code Access Security works conceptually, and how to implement it with a simple application. http://msdn2.microsoft.com/security/dd442474.aspx 9AB6E67A-B3F4-483F-B017-7A2FC489738A Thurs, 5 Feb 2009 15:20:45 -0700 As you know, if you use Visual Studio, you can already develop in Azure. That’s great news as you can apply encryption to your cloud app. Join Katheryn Baker as she explains the basics behind encryption algorithms and practices used to create cryptographic schemes. Learn more about symmetric and asymmetric encryption algorithms, the SHA256 hash encryption algorithms, and how to implement in a simple application. http://msdn2.microsoft.com/security/dd442480.aspx 9AB6E67A-B3F4-483F-B017-7A2FC399738A Thurs, 5 Feb 2009 15:20:45 -0700 As you know, if you use .NET Framework, you can already develop in Azure. That's great news as you can apply these techniques to your cloud app. Join Katheryn Baker as she explains the basics of the integrated security model, Code Access Security, in the .Net Framework. Learn more about how Code Access Security works conceptually, and how to implement it with a simple application. http://msdn2.microsoft.com/security/dd442474.aspx 9AB6E67A-B3F4-483F-B017-7B2FC399738A Thurs, 5 Feb 2009 15:20:45 -0700 In this How-Do-I video, Lamees Ayman will show us how to export and import certificates. http://msdn2.microsoft.com/security/cc424865.aspx 0D0D1D88-3052-41A6-8164-47BB5AB8D4CA Tue, 25 Mar 2008 15:21:34 -0700 Create an ASP.NET 2.0 Web reference and a Windows Communication Foundation service reference to an ASMX Web service using Visual Studio 2008. Join Rob Windsor as he demonstrates this and how to attach client credentials to calls made to the service using both kinds of client-side proxy. http://msdn2.microsoft.com/security/cc178918.aspx 9720B98D-034B-4775-B949-364627B56EAC Tue, 25 Mar 2008 22:54:31 -0800 In this how-to video, Remon Zakaria will demonstrate how to secure your data by encrypting it using Asymmetric encryption algorithms. http://msdn2.microsoft.com/security/cc307275.aspx 73D5509A-095F-4104-8C7A-9E65C3D92319 Tue, 4 Mar 2008 22:54:01 -0800 In this how-to video, Remon Zakaria will remind us with the symmetric key encryption techniques in .Net framework 2.0. http://msdn2.microsoft.com/security/cc307276.aspx 9720B98D-034B-4775-B949-364627B96EAC Tue, 4 Mar 2008 22:54:31 -0800 In this how-to video, Remon Zakaria will remind us with the symmetric key encryption techniques in .Net framework 2.0. http://msdn2.microsoft.com/security/cc307274.aspx 17D1FE23-7D01-4AC5-A1DF-9DE62F94BB20 Tue, 4 Mar 2008 22:53:22 -0800 In this video Will DePalo demonstrates how to add security to the applications that you build with Visual Basic.Net and C# by having multiple parties digitally sign documents to insure message integrity and authenticity. http://msdn2.microsoft.com/security/cc263920.aspx 2E782235-0957-4FE2-93CC-3CE26601FC02 Tue, 12 Feb 2008 17:33:44 -0800 Using the GenericPrincipal class, you can create an authorization scheme that exists independent of a Windows NT or Windows 2000 domain or simply use your own custom role scheme. In this video, Todd Miranda demonstrates how to create and use a Generic Principal. http://msdn2.microsoft.com/security/cc263917.aspx 12C43341-FDB9-49BB-9DF5-90D43706D44A Tue, 12 Feb 2008 17:32:59 -0800 Using the WindowsPrincipal class, you can create an authorization scheme that ties into a Windows NT or Windows 2000 domain. In this video, Todd Miranda demonstrates how to create and use a Windows Principal. http://msdn2.microsoft.com/security/cc263915.aspx 9AA2284F-88E1-4748-9F28-39F58E0F9E5E Tue, 12 Feb 2008 17:32:21 -0800 Restricting access to code that could potentially be used to perform malicious actions is often overlooked but very important. Imperative security checks allow you to protect your application code by requiring appropriate permissions prior to execution. In this video, Todd Miranda demonstrates how to perform imperative http://msdn2.microsoft.com/security/cc263910.aspx F652E932-D15A-4143-8011-C4E46703AD03 Tue, 12 Feb 2008 17:31:44 -0800 In this video, Eric Marvets shows us how to add a hashing routine to an existing application. http://msdn2.microsoft.com/security/cc261634.aspx 827EA364-D859-42B3-8AD6-0B577D73D2A3 Tue, 12 Feb 2008 17:30:50 -0800 One of the challenges of encrypting data with keys is determining where to store the keys securely. You can store keys in named containers. These named containers utilize Windows security to securely store cryptographic keys. In this video, Todd Miranda demonstrates how to store asymmetric keys in a key container. http://msdn2.microsoft.com/security/cc261628.aspx 3ADC6618-7E80-47E7-AD8B-949C23A507AF Tue, 12 Feb 2008 17:29:40 -0800 In this how-to video, Remon Zakaria will remind us with the SQL Membership provider and show us how to create a custom Membership provider that does the same job as the SQL Membership Provider. http://msdn2.microsoft.com/security/cc185719.aspx 7E4907E4-1EA0-4C3A-BD57-04F095012A37 Tue, 5 Feb 2008 18:37:49 -0800 Transmitting and saving XML data is very popular but the plain text nature of XML makes using it for sensitive data difficult. Encrypting XML data is not difficult with the objects available in .NET. In this video Todd Miranda demonstrates how to encrypt and decrypt XML data using Asymmetric Keys. http://msdn2.microsoft.com/security/cc185724.aspx 55BE4ADD-EE27-414B-AC72-BFE6A6205DF1 Tue, 5 Feb 2008 18:37:19 -0800 Transmitting and saving XML data is very popular but the plain text nature of XML makes using it for sensitive data difficult. Encrypting XML data is not difficult with the objects available in .NET. In this video Todd Miranda demonstrates how to encrypt and decrypt XML data using Symmetric Keys. http://msdn2.microsoft.com/security/cc185725.aspx A7881E89-5F0C-4E46-8FAD-5326E39AB202 Tue, 5 Feb 2008 18:36:43 -0800 In this how-to video, Remon Zakaria will remind us with the “Setting up SqlMembership provider” demo and show how to use the SqlMembership provider inside your existing website’s database using aspnet_regsql.exe command. http://msdn2.microsoft.com/security/cc178919.aspx n8iw39-5262-407a-8996-9dac1441756f Tue, 29 Jan 2008 20:41:57 +0000 In this how-to video, Remon Zakaria will explain the concept of Membership providers and demonstrate how to setup and use the SQLMembership provider that is built-in ASP.NET 2.0. http://msdn2.microsoft.com/security/cc178926.aspx sw3h39-5262-407a-8996-9dac1441756f Tue, 29 Jan 2008 20:41:57 +0000 In this video you will learn how to add security to the application you build with C# and Visual Basic.NET by digitally signing XAML documents. http://msdn2.microsoft.com/security/cc178920.aspx nu8o39-5262-407a-8996-9dac1441756f Tue, 29 Jan 2008 20:41:57 +0000 In this video Will DePalo demonstrates how to add security to the applications that you build with Visual Basic.Net and C# by digitally signing documents with the signature of a single party to insure message integrity and authenticity. http://msdn2.microsoft.com/security/cc178921.aspx s24t39-5262-407a-8996-9dac1441756f Tue, 29 Jan 2008 20:41:57 +0000 In this video Will DePalo demonstrates how to add security to the applications that you build with Visual Basic.Net and C# by verifying the digital signatures on XML documents to insure message integrity and authenticity. http://msdn2.microsoft.com/security/cc178917.aspx vt6739-5262-407a-8996-9dac1441756f Tue, 29 Jan 2008 20:41:57 +0000 In this video Will DePalo demonstrates how to add security to .Net applications by encrypting sensitive or confidential data by using the ProtectedData class of the System.Security.Cryptography namespace. http://msdn2.microsoft.com/security/bb986172.aspx wllp39-5262-407a-8996-9dac1441756f Tue, 8 Jan 2008 22:32:07 +0000 In this video Scott Golightly walks through the process of setting up a sample Security Token Service (STS). The STS is used to issue managed cards that will be accepted at a web site. Scott shows how to create a managed card based on a personal card in CardSpace and also how to create a managed card based on a user name and password. http://msdn2.microsoft.com/security/bb977432.aspx rv7u39-5262-407a-8996-9dac1441756f Tue, 18 Dec 2007 20:52:34 +0000 SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. SQL Injection attacks are typically the result of misplaced trust in the data inputs to a system. In this video, Todd Miranda demonstrates a simple SQL Injection attack and how to prevent it. http://msdn2.microsoft.com/security/bb977435.aspx i90q39-5262-407a-8996-9dac1441756f Tue, 18 Dec 2007 20:52:34 +0000 In this video Will DePalo will demonstrate how to add security to the applications that you build with Visual C++ by encrypting data with the Data Protection Application Programming Interface (DPAPI). http://msdn2.microsoft.com/security/bb980212.aspx b8is39-5262-407a-8996-9dac1441756f Tue, 18 Dec 2007 20:52:34 +0000 In this how-to video, Remon Zakaria will explain and demonstrate the SQL Injection attack over a PHP/MySQL/Linux Platform and how can you protect yourself from it. http://msdn2.microsoft.com/security/bb980214.aspx 5m9a39-5262-407a-8996-9dac1441756f Tue, 18 Dec 2007 20:52:34 +0000 Cross Site Request Forgery is an attack that enables an attacker to send arbitrary HTTP requests from a victim user. In this video, Todd Miranda demonstrates a simple Cross Site Request Forgery attack and how to prevent it. http://msdn2.microsoft.com/security/bb977433.aspx rt6n39-5262-407a-8996-9dac1441756f Tue, 11 Dec 2007 21:56:15 +0000 In this video, Hilton Giesenow demonstrates how to securely encrypt sections of your web.config file. The video covers the two out-of-box encryption providers, command-line encryption, and encryption from within your application. http://msdn2.microsoft.com/security/bb977434.aspx tb2339-5262-407a-8996-9dac1441756f Tue, 11 Dec 2007 21:56:15 +0000 In this video, Will DePalo discusses discretionary access control lists, a major security component of the Windows operating system. See how to grant and deny access to the files you create in Visual C++ applications by manipulating their access control lists. http://msdn2.microsoft.com/security/bb968862.aspx 5t2g39-5262-407a-8996-9dac1441756f Wed, 4 Mar 2007 21:56:15 +0000 In this video, Scott Golightly shows how to increase the security of Web sites by allowing users to use a Windows CardSpace information card to log in to a Web site. http://msdn2.microsoft.com/security/bb968865.aspx 9isx39-5262-407a-8996-9dac1441756f Tue, 11 Dec 2007 21:56:15 +0000