Well, I had the opportunity to attend a Microsoft MSDN event today entitled “Writing Secure Code - Threat Defense”.  I went in with high hopes.  I must of course say that I wasn't entirely disappointed, but my expectations were not met.

Years ago (in a past life) I used to present at Tech Net and MSDN events (I'm starting to get back into it too - but that's another blog) so I have some insight into what a presenter goes through.

All in all, he did a fairly okay job but left out many ideas and concepts.  Ultimately I came away with a few things:

Valuable Resource: O'Reilly's book '.NET Security'

Perhaps the best, most useful information gained was concerning Code Access Security.  CAS is one of the most misunderstood aspects of .NET development and the presenter shed some light on the topic.  He illustrated the use of the .Demand() and .Assert() methods to control the stack walk as well as how to configure (briefly) an application to take advantage of CAS...that part was worth while.