Revealing clear text passwords in memory seems to be a trivial task. This post describes how to reveal clear text passwords and what countermeasures to apply. Summary of steps: Install WinDbg Attach to process or open dump file Load SOS .Net extensions for WinDbg Enumerate threads ...

From my learning of IIS7 I understand that IIS7's metabase is actually XML configuration file very familiar to me and similar to ASP.NET's web.config. It is called applicationHost.config and sits in C:\Windows\System32\inetsrv\config My first interest was to see how it manages passwords when specifying...

Reposted from Security Code Inspection - First Look For What To Look For for further reuse on this blog. I found it extremely productive to first look for strings in the code. But what strings to look for? And how to look for the strings? Looking into the source files? My good friend FindStr is of great...

SecureString Class "Represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed. This class cannot be inherited. " I first was very excited about SecureString introduced in .Net FX 2.0 but as I tried to learn...

Google launches a special treat just for developers ... I'd like to present it from some different perspective. Imagine you provide search criteria as follows: " Initial Catalog " - try it. What do you see? More like these here Doesn't it make you want to write more secure code ... :) ? Enjoy