Tuesday, May 16, 2006

My First Experience with Secured Application Development

Before I forget all the cool things that I learned today, I better write them now. I attended my second Microsoft training workshop today. It was on secured application development. I have never had much experience in writing secured code, and I must admit it was a pretty cool learning experience for me.

I woke up at 6:45 am to get ready for the workshop, which started at 8:30. The workshop is in Washington D.C., and I had to print out the directions before I left the house. The traffic was a little bad on I-495, which is normally packed during rush hour, but it cleared up after a few miles, so it wasn’t that bad this morning. I got off at exit 39B on River Road heading toward Washington D.C. Drove for about 5 miles before I took a left on Western Ave. I drove for about half a mile before taking a right on Wisconsin Ave. The Microsoft office is located in the Chevy Chase Pavilion Building, which is right on Wisconsin Ave. I parked in the Pavilion parking lot and took the elevator up to the Microsoft office at around 8:35.

There were two receptionists, who directed me to the classroom all the way down the hall. I didn’t see a lot of people there, so my first thought was may be I was there a little early, but it turned out there are only about 20 of us at the workshop. My first Microsoft workshop was conducted in a theater where there were hundreds of people showed up. That was part of the Microsoft’s Ready to Launch events. There were food and beverages on a few tables set up outside the classroom for the attendees. I had myself a muffin and a cup of coffee.

The presenter at the workshop was Talhah Mir. He introduced himself as a member of the Microsoft’s ACE (Application Consulting and Engineering) team, which is responsible for application performance, security and privacy engineering at Microsoft. He started off with an ice breaker. It was nice to get an idea of who were in the room and know what everyone wanted to get away from the workshop.

Talhah started off with Threat Modeling. I learned that threat modeling should be done independently off any specific platform. This is something that needs to be done before any code is written. Threat modeling can be summarized as follows: threats are realized through attacks, which are materialized through vulnerabilities, which then can be mitigated with countermeasures. Talhah described the task of the development team were to define these threats clearly and precisely, so that the security team could come up with attacks, vulnerabilities, and countermeasures appropriately. Talhah also introduced the Microsoft Threat Analysis and Modeling Tool along with Attack Libraries. I like the tool for its extensibility through XML and XSLT.

Talhah introduced the concept of cryptography. He also went on to demonstrate various loopholes in writing code. A few that I remember are Dynamic SQL, Integer Overflow and Session and Cookie Attacks. I thought the demos were cool and neatly organized to show the various kinds of attacks and solutions to these attacks.

The workshop ended around 3pm, which I like because I could go home before rush hour kicked in. I start to like these workshops more and more, because it gives me a chance to learn about so many things. I learned a lot at the workshop today, not only through Talhah’s presentation, but also from the discussions from other attendees. I still consider myself new to the development world, because I have only been doing it professionally for two years, so it’s always great to listen and learn from the people around me.

I thought Talhah was a good presenter. He was very knowledgeable about the topic, and he was able to communicate it clearly. I learned a great deal about threat modeling through his presentation and demos. He said if there is one thing that one should have got from the presentation was the Principle of Least Privilege. I will keep it in mind as I continue to learn to write less unsecured code.

Friday, May 12, 2006

No More School

Well not for another two weeks at least. Just had my last final yesterday. Now I'm ready to have fun this weekend, then it's just serious work all over again.

Saturday, May 6, 2006

Java Collections in j2sdk-1_4_2


Hash Table Resizable Array Balanced Tree Linked List Hash Table + Linked List
Interfaces Set HashSet   TreeSet   LinkedHashSet
List   ArrayList   LinkedList  
Map HashMap   TreeMap   LinkedHashMap


Tuesday, May 2, 2006

Five Tips To Prolong Laptop Battery Life

These tips are very much common sense, but if you didn't know already, they will help to prolong your laptop battery life.

  1. Power down the display

  2. Turn off unused devices

  3. Decrease hard drive activity

  4. Disable startup items

  5. Condition the battery

Read more at www.laptopmag.com.