Browse by Tags

Security Code Review – String Search Patterns For Authorization Vulnerabilities
These are the questions and search criteria I use to identify authorization vulnerabilities in code beyond the web.config <authorization> node. How does the code protect access to page classes? Attributes: search for PrincipalPermission attributes. Read More...
Security Code Review – String Search Patterns For Authentication Vulnerabilities
This post contains string search patterns that can help identify authentication vulnerabilities during security code inspection of your ASP.NET application. The most common vulnerability is insecure manipulation of credentials in the code. The question Read More...
Security Code Review – String Search Patterns For Finding Input Validation Vulnerabilities
A well-defined set of search patterns significantly reduces the time (cost) of performing security code inspections. This post focuses on input validation vulnerabilities commonly found in ASP.NET web applications. SQL Injection and Cross Site Scripting Read More...
patterns & practices Improving Web Services Security: Scenarios and Implementation Guidance for WCF - BETA Is Out
The patterns & practices team has just released a beta version of the WCF Security Guide on Codeplex. Download the guide at http://www.codeplex.com/WCFSecurityGuide . The original announcement by J.D. Meier, the man behind the effort, is here - New Release: patterns Read More...
Posted 05 June 08 04:57 by alikl
WCF Security - Input/Data Validation Using Schemas
WCF offers a very flexible approach to input and data validation based on XML Schemas. The approach is flexible because the validation rules are expressed as an XML schema and can be changed at any time without recompiling the solution. I followed the Read More...
WCF Security - Input/Data Validation Sample Visual Studio Project
Input and data validation is one of the core security principles, and WCF is no exception. To get the most out of WCF in a secure way, one must implement proper input and data validation. I was following the instructions in How To – Perform Input Validation Read More...
patterns & practices WCF Security Guidance Project - live on Codeplex
patterns & practices has recently released the WCF Security Guidance Project. JD, the program manager behind the effort, has been blogging about it too. It is an evolving project, but the initial content is already fantastic. It has Application Scenarios Read More...
Quickly Find And Fix Cross Site Scripting (XSS) Vulnerabilities In Your ASP.NET Application.
Want to quickly check your ASP.NET web application for Cross Site Scripting (XSS) vulnerabilities? It is pretty easy with the knowledge and tools you already have. This post describes how to quickly find and fix most XSS vulnerabilities in your code. Read More...
Securing IIS7 - Windows Server 2008 Security Guide
The Windows Server 2008 Security Guide is out. It covers many crucial aspects, but my favorite of course is the IIS7 chapter: Chapter 6: Hardening Web Services. This chapter provides prescriptive guidance for hardening the Web Server role. The chapter discusses Read More...
Security Code Review – Use Visual Studio Bookmarks To Capture Security Findings
How do you streamline the process of capturing security flaws during a security code review? How do you save time and avoid switching between tools? How do you stay focused? In this post I will show my simple technique for capturing security flaws using Bookmarks Read More...
Chain Of Responsibility Design Pattern – Focus On Security, Performance, And Operations
The pattern is also called Intercepting Filter, Pipeline, AOP, and maybe a few more… I am confused by the names for this design pattern. “Life is really simple, but we insist on making it complicated.” - Confucius. No matter how they call Read More...
Basic HttpModule Sample (Plus Bonus Case Study - How HttpModule Saved Mission Critical Project's Life)
This post describes the basic steps to write an HttpModule and how it rescued a mission critical application from missing its deadline. HttpModule is the mechanism that facilitates implementing cross-cutting logic for incoming ASP.NET requests. ASP.NET Read More...
ASP.NET 3.5 Extensions: Basic Steps To Create Dynamic Data Web Application - Focus On Security and Performance
This post walks through the steps I've taken to create a simple Dynamic Data Web Application. I just loved the development model for DTO [Data Transfer Object] and the input validation options. Summary of steps: Step 1 - Download and install ASP.NET Extensions. Read More...
Avoid Manipulating Passwords In Memory - It Is Easy To Reveal
Revealing clear text passwords in memory seems to be a trivial task. This post describes how clear text passwords can be revealed and what countermeasures to apply. Summary of steps: install WinDbg; attach to the process or open a dump file; load the SOS .NET extensions Read More...
ASP.NET 2.0 Internet Security Reference Implementation - Have It Handy
JD Meier writes in his blog: The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance. Our purpose was to show patterns & practices security guidance in the context of an application scenario. Read More...