Re: MCAD thinking of taking on 70-340
From: UAError (null_at_null.null)
Date: 11/02/04
- Next message: Rajesh Soni: "about MCSD"
- Previous message: David C. Allen: "Just passed 70-305 with an 810!!"
- Next in thread: Eric: "Re: MCAD thinking of taking on 70-340"
- Maybe reply:(deleted message) Eric: "Re: MCAD thinking of taking on 70-340"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 01 Nov 2004 21:16:06 -0500
"Stud Sinister" <anonymous@discussions.microsoft.com> wrote:
>
>I'm curious about test 70-340. Thus far I've passed the
>three you need to get the MCAD and I'm thinking about
>using 70-340 for the elective.
>
>It's a relatively new test, though. Anyone experienced
>with it? I've actually read the first version
>of "Writing Secure Code"...
Passed it first time after:
- Countless trips to the MSDN including MSDN Mag and MSJ
articles.
Writing Secure Code, Second Edition
by Michael Howard, David C. LeBlanc
Publisher: Microsoft Press; 2 edition (December 4, 2002)
ISBN: 0735617228
http://www.amazon.com/exec/obidos/ASIN/0735617228
http://www.microsoft.com/mspress/books/5957.asp
"Worked through" Chapters 1 -17 (resulting in 58 pages of
Arial 9pt notes). Best of the bunch here for establishing
the need and urgency of "Secure Coding", while also
underlining how hostile today's environment really is.
Didn't go any further as I figured that the .NET material
would be way too thin.
MCAD/MCSD Self-Paced Training Kit: Implementing Security for
Applications with Microsoft Visual Basic .NET and Microsoft
Visual C# .NET (Pro-Certification (Paperback))
by Anthony Northrup
Publisher: Microsoft Press; Package edition (September 8,
2004)
ISBN: 0735621217
http://www.amazon.com/exec/obidos/ASIN/0735621217
http://www.microsoft.com/MSPress/books/7634.asp
"Worked through" the whole thing (resulting in 87 pages of
notes). Valuable as a guide to deciphering the 70-340
"Skills Being Measured".
"Writing Secure Code" has a superior treatment of general
security topics - but it also dedicates more volume to the
topic. Good .NET extension to some topics from "Writing
Secure Code" - though a bit "thin" in places. Can't be
relied upon as the "one-and-only" reference for 70-340. It
totally overlooks Serviced Components/Enterprise Services
Security.
The book includes a Readiness Review Suite. Got 77% on the
first go (ran out of time (90 min) leaving 5 of 60 questions
unanswered). While some of the questions were real howlers
it did point out my weak areas in enterprise services (COM+)
security and security with reference to Forms Authentication
in ASP.NET. This prompted me to move on to "Building Secure
Microsoft ASP.NET Applications". Few days later had another
go at it and got 83% (leaving 1 of 60 questions unanswered
due to lack of time).
Building Secure Microsoft ASP.NET Applications
Publisher: Microsoft Press; 1 edition (January 22, 2003)
ISBN: 0735618909
http://www.amazon.com/exec/obidos/ASIN/0735618909
http://www.microsoft.com/MSPress/books/6501.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E
Proceeded to "read" chapters 8 through 12 in no particular
order and reviewed a number of the How-Tos in the back.
Finally proceeded to attempt the actual exam...
Casual References:
===================
.NET Framework Security
by Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi
Martin, Kevin T. Price
Publisher: Addison-Wesley Pub Co; 1st edition (April 24,
2002)
ASIN: 067232184X
http://www.amazon.com/exec/obidos/ASIN/067232184X
http://www.awprofessional.com/title/067232184X
Read the first 8 chapters (only ~100 pages; it has 32
chapters).
This was the only reference that I could find that actually
explains the nitty-gritty of SignedXML class (based on
XMLDSIG; Chapter 32 Using Cryptography with the .NET
Framework: Creating and Verifying XML Digital Signatures). I
had to move on to more "profitable" matters before I could
finally figure out how to verify DETACHED signed content
that had been moved to a different URL. I couldn't believe
that the Training-Kit only showed you how to generate the
signature but not how to verify it (probably easy as long as
the signed content isn't relocated - not very useful). I
didn't find the SignedXML sample code that I found on the
MSDN all that helpful.
Used "Chapter 30: Using Cryptography with .NET Framework:
The Basics" when I ran into some sample code in the
Readiness Review that asked you to outline the steps for
decrypting a stream encrypted with some sample code using a
symmetric algorithm. The sample code wrote the KEY (!!!;
should have been the SALT/entropy value) and the
initialization vector (IV) to the stream. To make matters
worse the code wrote the key/IV into the CryptoStream (!!!;
i.e. forget about decrypting that). That's when I decided
that I better know how to do the salt/IV thing properly -
the code in this chapter used an interesting tactic; rather
than writing the salt/IV to the unencrypted output stream
and then wrapping the output stream in a CryptoStream, the
code wrapped the CryptoStream around the data input stream.
Improving Web Application Security: Threats and
Countermeasures
Publisher: Microsoft Press; (September 24, 2003)
ISBN: 0735618429
http://www.amazon.com/exec/ASIN/0735618429
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ThreatCounter.asp
http://www.microsoft.com/downloads/details.aspx?FamilyId=E9C4BFAA-AF88-4AA5-88D4-0DEA898C31B9&displaylang=en
Read the first three chapters and probed randomly into
various areas of interest or concern.
COM and .NET Component Services (O'Reilly Windows)
by Juval Löwy
Publisher: O'Reilly; 1 edition (September 1, 2001)
ISBN: 0596001037
http://www.amazon.com/exec/obidos/ASIN/0596001037
http://www.oreilly.com/catalog/comdotnetsvs/index.html
Used this for its more casual treatment of COM+ security and
its configuration.
Mastering Regular Expressions, Second Edition
by Jeffrey E. F. Friedl
Publisher: O'Reilly; 2 edition (July 15, 2002)
ISBN: 0596002890
http://www.amazon.com/exec/obidos/ASIN/0596002890
http://www.oreilly.com/catalog/regex2/index.html
Better have this within arm's reach when you are chanting
"Constrain-Reject-Sanitize".
The .NET Developer's Guide to Windows Security
by Keith Brown
Publisher: Addison-Wesley Professional; (September 27, 2004)
ISBN: 0321228359
http://www.amazon.com/exec/obidos/ASIN/0321228359
http://www.awprofessional.com/title/0321228359
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook.HomePage
(Note: This title deals with "Windows Security" as it
concerns the .NET developer, NOT ".NET Security". Look
forward to "unsatisfied" reviews of readers that couldn't
make that "subtle" distinction based on the title).
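
The salt/IV layout described in the post above, as an added C# example that is not from the post, the Readiness Review or any of the books: the salt and IV are written to the plain output stream ahead of the ciphertext, the key is re-derived from a passphrase and never stored, and the CryptoStream wraps the data input stream. Assumptions: .NET 7 or later, AES-CBC with PBKDF2-SHA256, and the class name, sizes, iteration count and sample strings are constructed for illustration; CBC on its own gives no integrity protection.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
static class SaltIvHeaderDemo
{
    const int SaltLen = 16, IvLen = 16, Iterations = 100_000; // assumed parameters
    // The key is re-derived from the passphrase and salt; it is never written out.
    static byte[] DeriveKey(string pass, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(pass, salt, Iterations, HashAlgorithmName.SHA256, 32);

    public static void Encrypt(Stream input, Stream output, string pass)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        using var aes = Aes.Create();          // CBC with PKCS7 padding by default
        aes.Key = DeriveKey(pass, salt);
        aes.GenerateIV();
        // Salt and IV go to the plain output stream, outside any CryptoStream.
        output.Write(salt, 0, salt.Length);
        output.Write(aes.IV, 0, IvLen);
        // The CryptoStream wraps the data input stream: reading it yields ciphertext.
        using var enc = aes.CreateEncryptor();
        using var cs = new CryptoStream(input, enc, CryptoStreamMode.Read);
        cs.CopyTo(output);
    }

    public static void Decrypt(Stream input, Stream output, string pass)
    {
        byte[] salt = new byte[SaltLen], iv = new byte[IvLen];
        input.ReadExactly(salt);   // throws EndOfStreamException on a truncated header
        input.ReadExactly(iv);
        using var aes = Aes.Create();
        aes.Key = DeriveKey(pass, salt);
        aes.IV = iv;
        using var dec = aes.CreateDecryptor();
        using var cs = new CryptoStream(input, dec, CryptoStreamMode.Read);
        cs.CopyTo(output);
    }

    static void Main()
    {
        using var ct = new MemoryStream();
        Encrypt(new MemoryStream(Encoding.UTF8.GetBytes("constructed sample")), ct, "constructed passphrase");
        ct.Position = 0;           // ciphertext stream now starts with salt || IV
        using var pt = new MemoryStream();
        Decrypt(ct, pt, "constructed passphrase");
        Console.WriteLine(Encoding.UTF8.GetString(pt.ToArray()));
    }
}
```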