Archive for Speaking

Speaking at Victoria Code Camp

Jan 11

I will be doing two talks at the Victoria Code Camp on January 26th.

My first talk is titled “Cryptography So Easy A Goat Could Do It”. This is an intro to cryptography including hashing, symmetric, and asymmetric encryption. I will be talking about a lot of best practices and comparing the differences between algorithms available in the .NET framework.

My second talk has the much more boring title of “Common Web Site Exploits and How To Protect Against Them”. In this one we will hack a sample site using common techniques and then look at how to lock the site down to help mitigate these attacks.

Hope to see you there!

Filed Under: Speaking

Edmonton Code Camp Materials

Oct 29

As promised, here are the presentation materials from my partial trust talk at the Edmonton Code Camp.

Partial Trust.zip (1.18 MB)

Filed Under: General, Speaking

Alberta Tech Fest

Oct 18

I will be speaking on partial trust in ASP.NET at the Alberta Tech Fest this year in Calgary on November 10th.

Techfest is like a code camp but has a bigger mix of people. There is a developer track, an architect track, and an IT pro track. Adding the IT pro track is a neat idea to bring the people from the other side of our office floors to the same conference. I don’t think there will be too many people switching between IT Pro and the developer track but hopefully some interesting conversations will happen between the two groups.

Filed Under: Speaking

Thanks!

Jul 14

I recently had the pleasure of speaking to the e-commerce class at DevStudios about input validation and hashing. It was a fun talk and I love the interactivity you get when talking to a smaller audience. Thanks guys!

Filed Under: Speaking

Vancouver Follow Up

Jul 8

I wanted to thank the Vancouver user group for having me out to speak. It was a great experience and a surprising turnout considering that the weather was just great outside!

As I said in the demo you can download the code, database and slides here.

The demo web site also implements some other features that I did not get to talk about due to time constraints. The biggest one is a custom security level (the web.config has a named policy named demo and a demo.config file with the policy in it). I wanted to talk about this feature of .NET but the scope of custom security levels (i.e. code access security / partial trust) was just too large to fit into the timeframe.

The demo code also has a second iterative hashing algorithm that I did not talk about. The class is Rfc2898IterativeHasher.cs and it implements the built-in Rfc2898DeriveBytes class that will easily do an iterative hash with a salt as well. I could not find out what algorithm was being used behind the scenes in this class but it is an easy way to implement iterative hashes.


Filed Under: Speaking

Speaking at the Vancouver User Group

Jun 20

I will be speaking at the Vancouver User Group on July 4th, 2007. The topic is “Security So Easy, Your Goat Could Do It!” (hey why not). I will be covering injection attacks, validation techniques, hashing and cryptography at a minimum. Time permitting I will get into securing configuration files and least privilege.

Hope to see you there!

Filed Under: Security, Speaking