As we lead up to DotNetNuke Connections November 1-4, 2010, Bill Walker and I are highlighting some of the speakers who will be presenting sessions at this year’s conference. Last week we introduced you to Cathal Connolly, today I have the pleasure of featuring a cohort of Cathal’s on the Security team for DotNetNuke, Brandon Haynes. So sit back and enjoy our brief interview with Brandon, and stay tuned as we feature more speakers in the coming weeks. You might also check out some of the recently announced Offers for DNN Connections, some expire soon!
Effective Auditing and Logging in DotNetNuke Modules
Secure Module Development
Q. How long now have you been part of the DotNetNuke community?
A. I began watching DotNetNuke closely in 2006, but did not begin ramping up my forum contributions until the end of 2007.
Q. Any specific sights, shows, or events that you plan to make time for while in Las Vegas this fall?
A. My secondary goal in any trip to Las Vegas is to consume as much gnocchi as possible at the Zeffirino in the Venetian. Despite my other obligations, I feel that I am up to the challenge again this year!
Q. What is the first computer you ever owned?
A. My first computer was the Apple ][. Its particular shade of monochrome green makes me nostalgic to this day.
Q. Why are you looking forward to DotNetNuke Connections '10?
A. DotNetNuke Connections is a fantastic opportunity to meet, network with, and learn from a large cross-section of the community. While this obviously includes quite a few core team members and DotNetNuke employees, it is also fascinating to interact with other community members who are using DotNetNuke in interesting (and typically novel) ways. There are few locations where so much platform-specific expertise gathers in one place.
Q. Why should people consider attending your session?
A. My two sessions are of a similar theme, but approach the topic of application security from two different perspectives. In "Secure Module Development" I discuss the process of code review, identify a number of anti-patterns that are prone to vulnerability, and discuss how the framework aids a developer in mitigating many such problems. Similarly, in my session titled "Effective Auditing…" I will be discussing the principle of non-repudiation and the ways in which the DotNetNuke framework aids developers in creating secure applications. At first glance, this material might appear dry, but I strive to make it accessible and engaging. Though I do touch on theory, the emphasis is on applied exercises in areas that are rarely discussed in detail. I include information that would be valuable to developers of any skill level, and would recommend that anyone interested in increasing the strength of his or her applications consider attending.
Q. When you’re not presenting, which session at DotNetNuke Connections are you most interested in attending?
A. I've long had an policy that if Bind (bind.pt) releases something new for DotNetNuke, I purchase a license (often without even really looking to see what it is that I am buying); their work is that outstanding. This being the case, I am looking forward to dropping in on one or both of the sessions presented by Beatriz Oliveira, a founder over at Bind. Beyond that, there are really a large number of sessions that I would like to attend. Expect to see me hopping from session to session in a futile attempt to experience everything.
Q. Which sessions in the concurrent tracks at DevConnections you're particularly interested in attending?
A. I will likely spend some time over at a data session (or two); this year there are some interesting options on compliance, clustering, and the Entity Framework. I also will likely use the opportunity to keep abreast of changes in Reporting Services, upon which I rely heavily.
Q. Do you have any particularly interesting memory from a past DotNetNuke conference or gathering that you would like to share?
A. During last year's DevConnection conference, several attendees mentioned that I was the only speaker who included a list of references and citations in my presentation. While this is virtually an automatic process for me, I promise that I am not as dry as it would make me appear!
Q. What area of DotNetNuke do you specialize in?
A. I'm likely to be perceived as contributing primarily to the security area, where I have performed audits for many of the larger modules and identified a number of ways to make the core optimally-secure. Notwithstanding that, I have produced a number of experimental outputs that target other areas such as data, localization, and user interface. I also function as a member of the health team, where we strive to address the natural challenges that any multinational, geographically disparate, and volunteer team will face.
Q. What is one thing you wished everyone knew about DotNetNuke?
A. I will occasionally observe an individual proclaiming that some task or function is "impossible" to accomplish using DotNetNuke. The reality is that this is only very rarely the case; virtually any reasonable use-case can be effectuated through the natural extensibility inherent in the framework. To this end, many of the projects that I have released are a direct response to those who have expressed such "impossibility."
View Brandon’s full bio on the DotNetNuke Connections speakers page.
Additional Speaker Profiles
Meet the Speakers: Mitchel Sellers
Meet the Speakers: Cathal Connolly
Meet the Speakers: Bruce Chapman