Tuesday, July 14, 2009

.NET Security and Hacking Tool Belt - Tools, Books, Videos, and Sites

There are a ton of tools and books out on security and hacking. My focus has been on learning the techniques hackers use so I can fortify the applications I build. Learning the techniques is great, but you also need to know where in the development process you should use them.

The application my team is rebuilding now is a result of waiting to worry about security until the end of the development lifecycle. They inherited quite a mess. Not only was security completely overlooked, but the tools to implement security did not go through a proof of concept. In the end, the product they planned on using did not support role-based authorization, it is wide open to denial-of-service (DoS) attacks, and it intercepts and rewrites JavaScript, breaking most of the functionality that has nothing to do with security. Instead of needing the 1 role that was planned for, they need between 5 and 7.

Security considerations must be included from the beginning of a project. The only way I know how to do that effectively is to execute architecture-centric design, meaning that without proper architecture, any sizable project will not have proper security. Without a way to keep it in balance with other quality attributes, you can also go overboard with security. I have never treated it as its own solution, but rather just one part of the solution that needs to be balanced with the system's other needs (performance, modifiability, etc.).

I have listed some of the tools, books, videos, and sites I keep in my security tool belt below.

Tools
Burp Suite
Nmap and Zenmap GUI
Microsoft Threat Analysis and Modeling v2.1.2 (I like the new version, SDL Threat Modeling Tool 3.1, better. It is lighter weight and can be used in a development process much more easily. This version required too much overhead and was hard to justify using. Although this one was prettier.)
SDL Threat Modeling Tool 3.1
Privoxy
TOR
Sam Spade
Vistumbler
Xenu's Link Sleuth
Foundstone's Free Tools

Books



Videos
Matt Fisher - SQL Injection - Everything About SQL Injection
"How Do I" Videos for Security
Microsoft Webcasts

Sites
Microsoft SDL - Developer Starter Kit
The Ethical Hacker Network
Threat Modeling
patterns & practices Improving Web Services Security
CLR Security
Security Developer Center
Web Application Security Consortium
CERT
Security Quality Requirements Engineering (SQUARE) Methodology
Hack this Site
McAfee
Norton - Threat Explorer
The Microsoft Security Response Center (MSRC)
Hacking Exposed: Web Applications 2
Hacking Exposed: Windows
The Web Application Hacker's Handbook

Friday, July 10, 2009

Silverlight 3 Released and Expression Blend 3 with SketchFlow is Available

Silverlight 3 has been released!!!!

Below are some of the key downloads you will need and sites worth checking out.

Microsoft Silverlight 3 Tools for Visual Studio 2008 SP1 (Get it here)
Overview (from MSDN Download site)
This package is an add-on for Visual Studio 2008 SP1 to provide tooling for Microsoft Silverlight 3. It can be installed on top of either Visual Studio 2008 SP1 or Visual Web Developer 2008 Express with SP1, and it provides a Silverlight project system for developing Silverlight applications using C# or Visual Basic.

This download will install the following:
  • Silverlight 3 developer runtime
  • Silverlight 3 software development kit
  • KB967143 for Visual Studio 2008 SP1
    and/or
    KB967144 for Visual Web Developer 2008 Express with SP1
  • Silverlight 3 Tools for Visual Studio 2008 SP1
    and/or
    Silverlight 3 Tools for Visual Web Developer 2008 Express with SP1
Silverlight 3 Tools for Visual Studio 2008 SP1 includes:
  • Visual Basic and C# Project templates
  • Intellisense and code generators for XAML
  • Debugging of Silverlight applications
  • Remote debugging of Silverlight applications for Mac
  • Web reference support
  • WCF Templates
  • Team Build and command line build support
  • Support for cached transparent platform extensions
  • Support for Silverlight 3 Out-of-Browser applications
Silverlight 3 Toolkit (Get it Here)
Overview (from CodePlex Download site)
The Silverlight Toolkit is a collection of Silverlight controls, components and utilities made available outside the normal Silverlight release cycle. It adds new functionality quickly for designers and developers, and provides the community an efficient way to help shape product development by contributing ideas and bug reports. It includes full source code, unit tests, samples and documentation for 26 new controls covering charting, styling, layout, and user input.

Install Microsoft Expression Blend 3 + SketchFlow RC (Get it here)
Overview (from MSDN Download site)

Expression Blend 3 + SketchFlow is a visual tool for designing and prototyping desktop and web applications. You build an application by drawing shapes, drawing controls such as buttons and list boxes, making the pieces of your application respond to mouse clicks and other user input, and styling everything to look uniquely your own.

Web Sites:
Microsoft Expression
Get Started Building Silverlight 3 Applications
Scott Guthrie on Silverlight 3

Thursday, July 09, 2009

ZM NC2000 Silver Notebook Cooler Review and the Poor Man's Cooler

I was recently encouraged to buy a Notebook Cooler, Silver, ZM-NC2000 when my laptop got so hot it shut down on me, and burnt my finger when I hit the power button to turn it back on.

I had the opportunity to buy one several times at a very reduced rate when Circuit City was going out of business, but I blew it off thinking I would never need one. WRONG.

I am not a gamer, just an amateur photographer and programmer. I was using Deep Zoom to create a zoomable collage, had Photoshop up, was running a virtual of Visual Studio 2010 on Windows 2008, and running Visual Studio 2008 locally. I think I got really lucky. There are some pretty bad horror stories out there about overheated laptops and the expenses paid to get them back up and running.

While waiting on my new Notebook Cooler to arrive, I used a poor man's cooler. Before and after pictures are below. I will use the poor man's cooler at work, and the new ZM-NC2000 Notebook Cooler at home. Geez, rereading that sounds bad, but in reality I don't pull out the big guns at work. I hardly ever mess with graphics there.

This thing runs super quiet. The laptop has stayed nice and cool so far. I repeated the same scenario I overheated in (above), and the laptop stayed nice and cool. I don't think I will ever find myself carrying it around with my laptop, but it is light enough to.

I recommend this to anyone running on the hot side of your processor. Do some digging and you'll find some costly stories about overheating laptops. For the price, you can't beat it.



Poor Man's Cooler



ZM-NC2000 Notebook Cooler