Alik Levin's
Security and Performance From the Field Consultant
Browse by Tags
All Tags
»
Tools
(RSS)
AJAX
Auditing and Logging
Authentication
Code Inspection
Deployment Inspection
Deployment Phase
Development Phase
End User
Exception Handling
Implementation
Information Gathering
Input Validation
Performance
Planning Phase
Practices
Security
Sensitive Data
Test Phase
Video
VSTS
WCF
Security Code Review – String Search Patterns For Finding Input Validation Vulnerabilities
Well defined set of search patterns helps significantly reduce time (cost) when performing security code inspections. This post focuses on input validation vulnerabilities commonly found in ASP.NET web applications. SQL Injection and Cross Site Scripting
Read More...
ASP.NET Performance Sin - Serving Images Dynamically (Or Another Reason To Love Fiddler)
Serving images dynamically may cause performance hit. Dynamically served images require more HTTP requests which violates Steve Souders' performance rule #1 - Make Fewer HTTP Requests . The latency is also caused by parallelism (or parallel downloading)
Read More...
Free Performance Tool - Analyze IIS Logs Like A Pro With Funnel Web Analyzer
These free performance tools will save you time and money identifying performance bottlenecks. Your customers will thank you for building fast and responsive applications. Funnel Web Analyzer 5.0 for Windows Download the tool here. Analyzer gives insight
Read More...
Quickly Find And Fix Cross Site Scripting (XSS) Vulnerabilities In Your ASP.NET Application.
Want to quickly check your ASP.NET Web application for Cross Site Scripting (XSS) vulnerability ? It is pretty easy with the knowledge and tools you already have. This post describes how to quickly find and fix most of XSS vulnerabilities in your code.
Read More...
Performance Development Lifecycle (PDL) Session Materials
Yesterday I gave a talk about the subject during Performance Open House First off, thanks for attending my talk. The materials are published here . Enjoy.
Read More...
Stress Test ASP.NET Web Application With Free WCAT Tool
Building ASP.NET web applications? Plan to serve thousands of users? Would you like to see how your application would behave [misbehave] under stress? Use simple-to-use and freely available WCAT tool to generate the load and get detailed report for expected
Read More...
Performance Sin - Using Exceptions To Control Flow
Want to spot coding anti-patterns from performance perspective without actually looking in the code? One of the common performance coding anti-patterns I’ve noticed lately is using Exception Handling to control program flow. The anti-patterns Most
Read More...
Security Code Review – Use Visual Studio Bookmarks To Capture Security Findings
How to streamline the process of capturing security flaws during security code review? How to save time and avoid switching between the tools? How to stay focused? In this post I will show my simple technique to capture security flaws using Bookmarks
Read More...
Performance Code Review Tool – Practices Checker
Care about performance? Do you write your code with performance in mind? Want little help to spot performance bottlenecks automatically? Practices Checker to the rescue. The goal of the tool is “Help you perform a manual code inspection by analyzing
Read More...
Profiling JavaScript With Ajax View Tool: Spot Poor Performance Client Script In No Time
Ever wondered why your application unreasonably slow? You have it all - most powerful hardware, your database is tuned, SQL queries are optimized, network is barely utilized, and .Net code is super efficient. So why on earth response time is so slow?
Read More...
Create Your Own Guidance Explorer Items Inside Outlook 2007
Want to create your own nuggets of wisdom? Want it to look and feel like patterns&practices nuggets of wisdom look and feel? Want to reuse it, mix and match with existing ones? It is easy and fast with Outlook 2007. I will show how I extend my knowledge
Read More...
Consume patterns&practices Guidance Explorer Via RSS Using Outlook 2007
patterns&practices recently released new version of Guidance Explorer [GE]. One of the most important addition was enabling RSS on the online GE store. What does that mean? It means you can consume distilled security, performance, and Visual Studio
Read More...
Identify ASP.NET, Web Services, And WCF Performance Issues By Examining IIS Logs
Simple examination of IIS logs can reveal potential performance issues related to ASP.NET web applications, ASP.NET web services, and IIS hosted WCF services. Fast, easy, cheap. These are the simple steps I take: Time-Taken & W3C Logs: Turn it on...
Read More...
Security Tools From Microsoft ACE Team
Mark covers arsenal of security tools available from Microsoft ACE team . The tools are: Threat Analysis & Modeling Enterprise (TAM-E) CAT.NET (Code Analysis Tool) Spider TCM (Assessment and compliance tool)
Read More...
XSSDetect Public Beta now Available!
XSSDetect public beta is now available for download on MSDN. Overview XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual
Read More...
More Posts
Next page »
Search
Go
This Blog
Home
Email
ads
Tags
AJAX
Auditing and Logging
Authentication
Authorization
CardSpace
CAS
Code Inspection
Consulting
Deployment Inspection
Deployment Phase
Development Phase
End User
Exception Handling
Fuzzing
IIS 7
Implementation
Inception Phase
Information Gathering
Input Validation
Interop
Operations
Performance
Planning Phase
Practices
Reflection
Security
Sensitive Data
SharePoint
Test Phase
Threading
Threat Modeling
Tools
Video
Vista
VSTS
WCF
Archives
October 2008 (2)
September 2008 (4)
August 2008 (1)
July 2008 (7)
June 2008 (5)
May 2008 (4)
April 2008 (4)
March 2008 (3)
February 2008 (3)
January 2008 (10)
December 2007 (6)
November 2007 (4)
October 2007 (11)
September 2007 (4)
August 2007 (6)
July 2007 (8)
June 2007 (3)
May 2007 (21)
April 2007 (25)
March 2007 (25)
. My Personal Blog .
Practice This
.Net Performance How To's
Improving .NET Application Performance and Scalability
Exceptional Performance
Performance Testing Guidance How-To's
Fiddler PowerToy - Part 2: HTTP Performance
Performance Testing with Fiddler
Bottleneck-Detection Counters
Troubleshooting Performance Problems in SQL Server 2005
Performance Frame - v2
.Net Security How To's
patterns & practices Security How To's Index
ASP.NET 2.0 Security Questions and Answers
Tamper detection
Authentication Hub
VSTS Resources
Architecture and Design checklists
Securing Sites with IP Address Restrictions
WCF - XSD validation for WCF services
WCF - Message Inspectors
Using Credential Management in Windows XP and Windows Server 2003
WCF - Common Security Scenarios
WCF - Authorization
Validating XML Data with XmlReader
Input Validation - XML Data
Validation - Web Client Software Factory
patterns & practices WCF Security Application Scenarios
Microsoft Identity and Access Management Series
Design Patterns
data & object factory
Yahho Design Pattern Library
Sample .Net 3.0 app
Application Architecture for .NET: Designing Applications and Services
Litware HR - A Multitenant sample application
Microsoft .NET Pet Shop 4.0
Responsive Composite Web Client Reference Implementation
Table of Contents: Introduction to CAB/SCSF
ASP.NET Quickstarts
Microsoft Identity and Access Management Series
Software design patterns
Impactful
Super Size Me
Billy Eliot
The Legend of 1900
The Terminal
The Counterfeiters
Lifecycle Phases
5. Deployment Phase
3. Development Phase
4. Test Phase
1. Inception Phase
2. Planning Phase
Popular
My Favorite Shortcuts
My Pipeline Is My Inbox
Security .Net Code Inspection Using Outlook 2007
Security Code Inspection - Eternal Search For SQL Injection
.Net Assembly Spoof Attack
Code Inspection - First Look For What To Look For
How To Hack WCF - New Technology, Old Hacking Tricks
Generate Documents Out Of Mail Items Directly From Outlook 2007
ARCast With Ron Jacobs - Defending the Application
How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information
Tools
Fiddler2 Web Debugger - Freeware HTTP(S) debugging tool
Microsoft Network Monitor 3
FxCop Team Page
Microsoft Threat Analysis & Modeling
Windows Sysinternals tools
Log Parser 2.2
p&p Practices Checker - performance
Microsoft ® Windows Server ™ 2003 Performance Advisor
Ajax View
WCat 6.3 (x86)
Funnel Web Analyzer 5.0 for Windows
Syndication
RSS 2.0
Atom 1.0
