Alik Levin's
Security and Performance From the Field
May 2007 - Posts
Security Educational Workshop - Authentication Explained
I just finished building another security workshop that covers authentication and identity technologies implemented by MS products. The workshop is targeted at developers, not IT folks. It is common practice (or should I call it anti-practice) that
Read More...
SOA, Strong Authentication, Standard Authorization - Cool Solution
Reposted from here. I've previously blogged about SOA Security Inside Enterprise Walls. This time I had a couple of pretty interesting requirements from one customer that targeted a B2B/partners scenario. They had a web site that communicates with a partner's web
Read More...
How I Setup Lab Domain Using VPC 2007
To quickly set up a lab environment I use VPC 2007 (free download). It really saves me a lot of time. For example, in order to set up an environment to test impersonation, delegation, and protocol transition as described in the Authentication Hub post, I needed one
Read More...
Object Oriented File Management
This post is about manual file management. I came across How To Research Efficiently and decided to share my approach to researching. I am a consultant, and the vast majority of my activities is generating tangible deliverables - presentations, documents,
Read More...
Creating a Parameterized Query In Visual Studio
Creating parameterized queries is one of the major countermeasures to SQL Injection attacks (not the ultimate one, but a major one). I always did it the old-fashioned way - using code only - and I am ashamed I never utilized the advanced productivity features of Visual Studio.
Read More...
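As an added example of the "code only" way the post refers to (this is my code, not the post's and not what Visual Studio generates): the same lookup written with string concatenation and then with an ADO.NET parameter. The Users table, its UserName column, the connection string and the parameter name are assumptions made for the illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example: assumes a SQL Server table Users(UserName nvarchar(256), ...)
// reachable through connStr. Table, column and parameter names are hypothetical.
public static class UserLookup
{
    // Vulnerable: the input is pasted into the SQL text, so a value such as
    // x' OR '1'='1 becomes part of the statement and changes its meaning.
    public static bool UserExistsUnsafe(string connStr, string userName)
    {
        string sql = "SELECT COUNT(*) FROM Users WHERE UserName = '" + userName + "'";
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // Parameterized: the SQL text is a constant and the value travels to the
    // server as a typed parameter, so it is never parsed as SQL. The declared
    // type and length also bound what the input can be.
    public static bool UserExists(string connStr, string userName)
    {
        const string sql = "SELECT COUNT(*) FROM Users WHERE UserName = @UserName";
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 256).Value = userName;
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}
```

The point to check in a code review is that the SQL text is built from constants only; any `+` or `String.Format` that pulls in request data is the thing to look for, whichever way the command object is created.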
patterns&practices Releases Beta 1 Of VS TFS Guide To Codeplex
Go straight to the web site here - http://www.codeplex.com/TFSGuide and Download the Team Development with Visual Studio Team Foundation Server Guide Here are some teasers: How Tos How To: Add a New Developer To Your Project in Visual Studio 2005 Team
Read More...
Threat Model Your Strategic Planning
I am not a marketing guy, nor a strategic one – I really do not know why I started to read this post - Why strategic planning fails - maybe because of my RSS reading technique ( How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information )
Read More...
Generate Documents Out Of Mail Items Directly From Outlook 2007
Information is all over – emails, blogs, notes, posts. While I consolidate incoming information in my Inbox ( My Pipeline Is My Inbox ) it may end up spread all over my OL folders. Even if I had one folder for all – it is a collection of mail items, but
Read More...
Blogging And Content Reuse
In my next post I will show how I generate documents out of the content aggregated from RSS feeds while utilizing technique described in How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information . Here is another reuse of the content
Read More...
AOP, Pipelines, Interceptors, and HttpModules
My favorite design pattern is the Provider design pattern (abstract factory – GoF definition). I like it since it gives a lot of flexibility while preserving common programming techniques and style. ASP.NET is all over providers – membership, role manager,
Read More...
Back Up, Back Up, Back Up
I learned that shi[f]t happens (adapted from here) - I changed several computers and a few hard drives too. The most painful thing is restoring the system to the state where I can work the way I used to. Here is my practice for being prepared for another shift
Read More...
VSTS Guidance Resources On Codeplex
patterns&practices VSTS Guidance http://www.codeplex.com/VSTSGuidance Guidance Index Index Explained Guidelines How Tos Practices at a Glance Questions and Answers Video-Based Guidance Video Index Scenario Frames Source Control Scenarios Frame Resources
Read More...
How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information
I used a couple of RSS readers but lately I switched to my Outlook 2007 to meet the WEB 2.0 era. Here is what I've done: 1. Created a new pst file using the "Data File Management…" option: 2. Created empty folders in it – these are actually feed categories: 3. Then
Read More...
ARCast With Ron Jacobs - Defending the Application
Eliaz Tobias from our DPE ( Developer and Platform Evangelism ) group was hosting Ron Jacobs lately here in Israel. I was lucky to get a chance to talk to Ron about my favorite topic - Security Engineering . Ron published the interview lately on Channel
Read More...
Recurring Security Engineering Anti-Patterns I Witness
I witness pretty often the following anti-patterns in security engineering: An initial architecture document is created and seems to have everything needed to address application security, but in the end none of it is implemented. Security engineering is abused and
Read More...
Late Threat Modeling
I always suggest conducting Threat Modeling even in advanced dev cycle stages, although it might seem absurd – why would one model threats for something that already has been completed? I often start working with projects that have advanced into their
Read More...
Why I Blog
I blog for the following reasons. Journaling: I journal what I do. It is about simple reuse. Kind of a personal del.icio.us. Stretch myself: I am a consultant and practitioner. I need some cost-effective way to constantly learn new stuff. If I decide to learn
Read More...
Security Engineering Big Rocks
Lifecycle and prioritization seem like the key to successful implementation of Security Engineering. Why lifecycle? Imagine some application written by a very seasoned developer – there is a good chance that no vulnerability was introduced in it – hypothetically.
Read More...
Security Workshops
This post is inspired by Dave Ladd's Security Education v. Security Training My favorite quote is "We require our SDL training to emphasize the basics of secure design, development and test – then allow employees and their management to select the training
Read More...
ASP.NET Health Monitoring Means Logging And Auditing
I constantly keep seeing ASP.NET developers using log4net for logging and auditing their Web apps. While I have nothing against log4net - it is great stuff, I presume, though I never used it - it is pretty funny to me to try to get why people do not use the built-in
Read More...
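As an added example of what the built-in mechanism gives you (my code, not the post's): ASP.NET 2.0 health monitoring lets an application raise its own audit events by deriving from System.Web.Management.WebAuditEvent; the framework then routes them through web.config rules to providers such as the event log or SQL Server. The event code offset and the "resource" detail below are assumptions made for the illustration.

```csharp
using System;
using System.Web;
using System.Web.Management;

// Added example: a custom audit event for a denied authorization decision.
// The code offset (WebExtendedBase + 100) is arbitrary; custom codes must be
// at or above WebEventCodes.WebExtendedBase.
public class AuthorizationFailureAuditEvent : WebAuditEvent
{
    private readonly string _resource;

    public AuthorizationFailureAuditEvent(string message, object source, string resource)
        : base(message, source, WebEventCodes.WebExtendedBase + 100)
    {
        _resource = resource;
    }

    // Extra details appended to the standard audit payload (time, request
    // URL, process, etc.) that the base class already formats.
    public override void FormatCustomEventDetails(WebEventFormatter formatter)
    {
        base.FormatCustomEventDetails(formatter);
        string user = "anonymous";
        HttpContext ctx = HttpContext.Current;
        if (ctx != null && ctx.User != null && ctx.User.Identity.IsAuthenticated)
        {
            user = ctx.User.Identity.Name;
        }
        formatter.AppendLine("Resource: " + _resource);
        formatter.AppendLine("User: " + user);
    }
}

// Usage from a page, handler or HttpModule when access is refused:
//   new AuthorizationFailureAuditEvent("Access denied", this, "/admin/reports").Raise();
```

Raise() hands the event to the health monitoring pipeline; to actually see it, add a rule under <healthMonitoring><rules> in web.config that maps the predefined "All Audits" event name to a provider such as EventLogProvider (the providers and event mappings themselves are already declared in the root web.config). This is what replaces the log4net appender configuration, and it keeps audit records in the same place as the framework's own authentication and authorization failure audits.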
I Do Not Have Time For That
Every creature on this planet has exactly the same 24 hours a day - no more, no less. So this "I do not have time for that" can be broken into the following: "You waste your time on something I would never spend a minute on". This one means "I do not
Read More...
Tags
AJAX
Auditing and Logging
Authentication
Authorization
CardSpace
CAS
Code Inspection
Deployment Inspection
Deployment Phase
Development Phase
End User
Exception Handling
Fuzzing
IIS 7
Implementation
Inception Phase
Information Gathering
Input Validation
Interop
Operations
Performance
Planning Phase
Practices
Reflection
Security
Sensitive Data
Test Phase
Threading
Threat Modeling
Tools
Video
Vista
VSTS
WCF
Archives
August 2008 (1)
July 2008 (7)
June 2008 (5)
May 2008 (4)
April 2008 (4)
March 2008 (3)
February 2008 (3)
January 2008 (10)
December 2007 (6)
November 2007 (4)
October 2007 (11)
September 2007 (4)
August 2007 (6)
July 2007 (8)
June 2007 (3)
May 2007 (21)
April 2007 (25)
March 2007 (25)
My Personal Blog
Practice This
.Net Performance How To's
Improving .NET Application Performance and Scalability
Exceptional Performance
Performance Testing Guidance How-To's
Fiddler PowerToy - Part 2: HTTP Performance
Performance Testing with Fiddler
Bottleneck-Detection Counters
Troubleshooting Performance Problems in SQL Server 2005
Performance Frame - v2
.Net Security How To's
patterns & practices Security How To's Index
ASP.NET 2.0 Security Questions and Answers
Tamper detection
Authentication Hub
VSTS Resources
Architecture and Design checklists
Securing Sites with IP Address Restrictions
WCF - XSD validation for WCF services
WCF - Message Inspectors
Using Credential Management in Windows XP and Windows Server 2003
WCF - Common Security Scenarios
WCF - Authorization
Validating XML Data with XmlReader
Input Validation - XML Data
Validation - Web Client Software Factory
patterns & practices WCF Security Application Scenarios
Microsoft Identity and Access Management Series
Design Patterns
data & object factory
Yahoo Design Pattern Library
Sample .Net 3.0 app
Application Architecture for .NET: Designing Applications and Services
Litware HR - A Multitenant sample application
Microsoft .NET Pet Shop 4.0
Responsive Composite Web Client Reference Implementation
Table of Contents: Introduction to CAB/SCSF
ASP.NET Quickstarts
Software design patterns
Impactful
Super Size Me
Billy Elliot
The Legend of 1900
The Terminal
The Counterfeiters
Lifecycle Phases
1. Inception Phase
2. Planning Phase
3. Development Phase
4. Test Phase
5. Deployment Phase
Popular
My Favorite Shortcuts
My Pipeline Is My Inbox
Security .Net Code Inspection Using Outlook 2007
Security Code Inspection - Eternal Search For SQL Injection
.Net Assembly Spoof Attack
Code Inspection - First Look For What To Look For
How To Hack WCF - New Technology, Old Hacking Tricks
Generate Documents Out Of Mail Items Directly From Outlook 2007
ARCast With Ron Jacobs - Defending the Application
How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information
Tools
Fiddler2 Web Debugger - Freeware HTTP(S) debugging tool
Microsoft Network Monitor 3
FxCop Team Page
Microsoft Threat Analysis & Modeling
Windows Sysinternals tools
Log Parser 2.2
p&p Practices Checker - performance
Microsoft Windows Server 2003 Performance Advisor
Ajax View
WCat 6.3 (x86)
Funnel Web Analyzer 5.0 for Windows