It’s been a long time since I blogged last time. Past year was very busy @ work as well as personal stuff. I got into Microsoft and got married the same year. No, marriage is in no way related with getting a job @ Microsoft (I can see you people laughing). Here at Microsoft I’m part of Information Security Team with specific attention on development of tools which facilitates a secure computing environment.
Last year I worked on applications built entirely on different technologies. I was part of one huge project using SQL Server 2008 and Integration services. Best thing about working at Microsoft is you get to work on top end technologies, that too, months ahead of their market release. I was working on SQL Server 2008 for more than 6 months when SQL Server 08 officially released. Working on SQL Server 2008 was not just using another new version of database by migrating all 2005 databases to 2008. It was all about using new features like Partitioning, Compression, Query Logging etc. Our SSIS package was so fast that it processed 20 GB of data in 4 hours. Amazing and our applications database is one of the biggest application databases on SQL 2005 and SQL 2008. Crazy stuff. All this was part of information security domain.
Next on my plate was a small project. I was asked to create some custom templates for Visual Studio. This was not that complex project but its impact was huge. Technology used, Visual Studio 2008, SSRS, pre XML, SSAS and MDX queries. It took me some time to get hold of MDX stuff but this was again fun.
Next comes a web based application with security issues all over. My task, act as a superman, get hold of all those bugs, fix them, release the application and wait for the results. From past three years in my career I rarely gave importance to security of the application that I’m developing. As far as I can see, code reviews were always centred around design patterns and multi layer architecture. No one talked about security. One reason might be the type of applications that I was working on in those days. But things are entirely different here in Microsoft. Here we have a group known as ACE which certifies that our application is 100% secure before we go into production. Without their certification application cannot be deployed into production. Great stuff. I worked on all kind of security bugs, XSS, SQL Injection, One Click Attack, cross site script forgery etc. I am also an ACE certified application developer now. This was great learning experience.
Apart from these things I also worked on some initiatives which were highly appreciated. One of them and closest to my heart is Build and Deployment tool built using Windows Workflow Foundation. This is an amazing concept which will now be available with VSTT 2010.
Currently I’m working with ILM, Identity Lifecycle Management, product team to develop customized solution for internal customers. Besides this, my time goes by in playing with Windows Communication Foundation, SQL Server 2008 and Application Security. Few weeks back I did some good stuff on SQL Server policy based management and after one internal demo I’ll post it . Till then.....