Browse by Tags

All Tags » Security » Implementation   (RSS)
WCF Security - Input/Data Validation Using Schemas
WCF offers very flexible approach of Input and Data Validation based on XML Schemas. The approach is flexible since the validation rules are expressed in form of XML schema and can be changed at any time without recompiling the solution. I followed the Read More...
Posted 25 May 08 03:52 by alikl | 0 Comments   
Filed under , , , ,
WCF Security - Input/Data Validation Sample Visual Studio Project
Input and Data Validation is one of the core security principles . WCF is no exception . To get most out of WCF in secure way one must implement proper Input and Data Validation. I was following instructions on How To – Perform Input Validation Read More...
Posted 25 May 08 12:17 by alikl | 1 Comments   
Filed under , , , ,
patterns & practices WCF Security Guidance Project - live on Codeplex
patterns & practices has recently released WCF Security Guidance Project . JD , the program manager behind the effort, has been blogging about it too.It is evolving project but the initial content is fantastic already. It has Application Scenarios Read More...
Posted 02 April 08 08:53 by alikl | 0 Comments   
Filed under , , , ,
Chain Of Responsibility Design Pattern – Focus On Security, Performance, And Operations
The pattern is also called Intercepting Filter, Pipeline, AOP, and may be few more… I am confused by the name for this design pattern. “Life is really simple, but we insist on making it complicated.” - Confucius No matter how they call Read More...
Posted 14 January 08 03:50 by alikl | 1 Comments   
Filed under , , ,
Basic HttpModule Sample (Plus Bonus Case Study - How HttpModule Saved Mission Critical Project's Life)
This post to describe basic steps to write HttpModule and how it rescued mission critical application from not hitting the dead line. HttpModule is the mechanism that facilitates implementing cross cutting logic for incoming ASP.NET requests. ASP.NET Read More...
Posted 26 December 07 10:09 by alikl | 1 Comments   
Filed under , , , ,
ASP.NET 3.5 Extensions: Basic Steps To Create Dynamic Data Web Application - Focus On Security and Performance
This post walks through the steps I've taken to create simple Dynamic Data Web Application. I just loved the development model for DTO [Data Transfer Object] and Input Validation options. Summary of steps Step 1 - Download and install ASP.NET Extensions. Read More...
Posted 18 December 07 10:08 by alikl | 1 Comments   
Filed under , , , , ,
ASP.NET 2.0 Internet Security Reference Implementation - Have It Handy
JD Meier writes in his blog : The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance. Our purpose was to show patterns & practices security guidance in the context of an application scenario. Read More...
Posted 21 November 07 10:04 by alikl | 4 Comments   
Filed under , , , , ,
Web Services Over SSL - Is It Really That Slow Like They Say?
My answer is "no" . I am working on solution where there is no Windows Active Directory Domain so we cannot utilize our beloved Kerberos and Windows Integrated Authentication saving big on configuration and management while taking advantage of increased Read More...
Posted 01 August 07 03:35 by alikl | 2 Comments   
Filed under , , , , , ,
Man-In-The-Middle-Attack: Protecting Http Traffic With SSL Might Be Not Enough - Consider Protecting SQL Traffic Too
Think configuring SSL for your web site is enough to protect against prying eyes? Here is how the sensitive data can be exposed by sniffing your SQL traffic. Consider common simple 3 tier web architecture for data driven web site. The Web and DB server Read More...
Posted 30 July 07 03:06 by alikl | 1 Comments   
Filed under , , ,
WCF Security In Intranet Scenario : Thoughts On Cons and Pros
I am researching on best practices with WCF security in terms of "YOU SHOUD" vs "YOU CAN". While it is great to have "How to" stuff I am also interested in "Why" angle. I have common simple scenario of WinForms client consuming WCF service inside corp Read More...
Posted 26 July 07 01:54 by alikl | 3 Comments   
Filed under , , , ,
Typed DataSet - Potential Performance And Security Risk
Are you using Typed DataSet as DTO (data transfer object) ? Are you building distributed systems where the DTO goes back and forth including your Smart Client? If yes then I think you should be aware that the most of your DB schema can be easily revealed Read More...
Posted 06 July 07 09:49 by alikl | 4 Comments   
Filed under , , , ,
T-Shooting Kerberos
I was delivering "Authentication Explained" session for Security User Group. First off - thanks for attending the session! The session was based on "Authentication Explained" workshop . During the session I was demoing the following topics: Identity Flow Read More...
Posted 04 July 07 10:16 by alikl | 2 Comments   
Filed under , , , , ,
SOA, Strong Authentication, Standard Authorization - Cool Solution
reposted from here I've previously blogged about SOA Security Inside Enterprise walls This time I had couple of pretty interesting requirements from one customer that targeted B2B/Partners scenario. They had a web site that communicates to partner's web Read More...
Posted 30 May 07 01:45 by alikl | 7 Comments   
Filed under , , ,
Creating a Parameterized Query In Visual Studio
Creating parameterized queries is one of the major countermeasures to SQL Injection attacks (not the ultimate but major). I always did it in old fashion way - using code only and I am ashamed I never utilize advanced productivity features of Visual Studio. Read More...
Posted 28 May 07 05:10 by alikl | 1 Comments   
Filed under , ,
.Net Security How To's
patterns & practices Security How To's Index ASP.NET 2.0 Security Questions and Answers Tamper detection Authentication Hub Enjoy Read More...
Posted 30 April 07 01:14 by alikl | 2 Comments   
Filed under ,
More Posts Next page »

Search

Go

This Blog

ads

. My Personal Blog .

.Net Performance How To's

.Net Security How To's

Design Patterns

Impactful

Lifecycle Phases

Popular

Tools

Syndication

Page view tracker