May 2007 - Posts

Security Educational Workshop - Authentication Explained
I just finished building another security workshop that covers authentication and identity technologies implemented by MS products. The workshop is targeted to developers and not IT folks. It is common practice (or should I call it anti-practice) that Read More...
SOA, Strong Authentication, Standard Authorization - Cool Solution
Reposted from here. I've previously blogged about SOA Security Inside Enterprise walls. This time I had a couple of pretty interesting requirements from one customer that targeted a B2B/Partners scenario. They had a web site that communicates to partner's web Read More...
How I Setup Lab Domain Using VPC 2007
To quickly set up a lab environment I use VPC 2007 (free download). It really saves me lots of time. For example, in order to set up an environment to test impersonation, delegation, and protocol transition as described in the Authentication Hub post I needed one Read More...
Posted 29 May 07 07:04 by alikl | 6 Comments   
Object Oriented File Management
This post is about manual file management. I came across How To Research Efficiently and I decided to share my approach for researching. I am consultant and vast majority of my activities is generating tangible deliverables - presentations, documents, Read More...
Posted 28 May 07 08:37 by alikl | 1 Comments   
Creating a Parameterized Query In Visual Studio
Creating parameterized queries is one of the major countermeasures to SQL Injection attacks (not the ultimate but major). I always did it the old-fashioned way, using code only, and I am ashamed I never utilized the advanced productivity features of Visual Studio. Read More...
patterns&practices Releases Beta 1 Of VS TFS Guide To Codeplex
Go straight to the web site here - http://www.codeplex.com/TFSGuide and Download the Team Development with Visual Studio Team Foundation Server Guide Here are some teasers: How Tos How To: Add a New Developer To Your Project in Visual Studio 2005 Team Read More...
Posted 23 May 07 08:23 by alikl | 0 Comments   
Threat Model Your Strategic Planning
I am not a marketing guy, nor a strategic one – I really do not know why I started to read this post - Why strategic planning fails - maybe because my RSS reading technique (How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information) Read More...
Posted 23 May 07 01:59 by alikl | 1 Comments   
Generate Documents Out Of Mail Items Directly From Outlook 2007
Information is all over – emails, blogs, notes, posts. While I consolidate incoming information in my Inbox ( My Pipeline Is My Inbox ) it may end spread all over in my OL folders. Even if I had one folder for all – it is collection of mail items, but Read More...
Posted 21 May 07 08:34 by alikl | 2 Comments   
Blogging And Content Reuse
In my next post I will show how I generate documents out of the content aggregated from RSS feeds while utilizing technique described in How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information . Here is another reuse of the content Read More...
Posted 19 May 07 04:51 by alikl | 1 Comments   
AOP, Pipelines, Interceptors, and HttpModules
My favorite design pattern is the Provider design pattern (abstract factory – GoF definition). I like it since it gives a lot of flexibility while preserving common programming techniques and style. ASP.NET is all over providers – membership, rolemanager, Read More...
Posted 18 May 07 11:57 by alikl | 5 Comments   
Back Up, Back Up, Back Up
I learned that shi[f]t happens (adopted from here ) - I changed several computers and few hard drives too. Most painful thing is restoring the system to the state where I can work the way I used to. Here is what my practice to be prepared to another shift Read More...
Posted 15 May 07 09:36 by alikl | 3 Comments   
VSTS Guidance Resources On Codeplex
patterns&practices VSTS Guidance http://www.codeplex.com/VSTSGuidance Guidance Index Index Explained Guidelines How Tos Practices at a Glance Questions and Answers Video-Based Guidance Video Index Scenario Frames Source Control Scenarios Frame Resources Read More...
Posted 14 May 07 07:57 by alikl | 1 Comments   
How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information
I used couple of RSS readers but lately I switched to my Outlook 2007 to meet WEB 2.0 era. Here is what I’ve done: 1. Created new pst file using “Data File Management…” option: 2. Created empty folders in it – these are actually feeds categories: 3. Then Read More...
Posted 13 May 07 09:04 by alikl | 7 Comments   
ARCast With Ron Jacobs - Defending the Application
Eliaz Tobias from our DPE ( Developer and Platform Evangelism ) group was hosting Ron Jacobs lately here in Israel. I was lucky to get a chance to talk to Ron about my favorite topic - Security Engineering . Ron published the interview lately on Channel Read More...
Posted 12 May 07 06:11 by alikl | 3 Comments   
Recurring Security Engineering Anti-Patterns I Witness
I witness pretty often the following antipatterns for security engineering: Initial architecture document is created and it seems to have everything to address application security , but in the end none is implemented. Security engineering is abused and Read More...
Posted 10 May 07 08:39 by alikl | 1 Comments   
Late Threat Modeling
I always suggest conducting Threat Modeling even in advanced dev cycle stages, although it might seem absurd – why would one model threats for something that already has been completed? I often start working with projects that have advanced into their Read More...
Why I Blog
I blog for the following reasons Journaling I journal what I do. It is about simple reuse. Kind of personal del.icio.us Stretch myself I am consultant and practitioner. I need some cost effective way to constantly learn new stuff. If I decide to learn Read More...
Posted 08 May 07 03:57 by alikl | 1 Comments   
Security Engineering Big Rocks
Lifecycle and prioritization seem like a key to successful implementation of Security Engineering. Why lifecycle? Imagine, that some application written by very seasoned developer – there is a good chance that no vulnerability was introduced in it – hypothetically. Read More...
Posted 07 May 07 08:12 by alikl | 7 Comments   
Security Workshops
This post is inspired by Dave Ladd's Security Education v. Security Training My favorite quote is "We require our SDL training to emphasize the basics of secure design, development and test – then allow employees and their management to select the training Read More...
Posted 06 May 07 06:22 by alikl | 2 Comments   
ASP.NET Health Monitoring Means Logging And Auditing
I constantly keep seeing ASP.NET developers using log4net for logging and auditing their Web apps. While I have nothing against log4net - it is great stuff I presume though never used it - it is pretty funny to me to get why people do not use built-in Read More...
I Do Not Have Time For That
Every creature on that planet has exactly the same 24 hours a day - no more, no less. So what this "I do not have time for that" can be broken into the following: "You waste your time on something I would never spend a minute". This one means "I do not Read More...
Posted 01 May 07 06:17 by alikl | 1 Comments   
