Dan Sellers's WebLog

A Passion for .NET Security

February, 2006

  • Dan Sellers's WebLog

    Change to ASP.NET 2.0 Forms Authentication Persistent Cookies

    • 1 Comments
    I have already highlighted some of the subtle security and migration issues with .NET Framework 2.0, such as: SN tool work with PFX Files; Safe CRT Libraries. This time, however, I will talk about a third subtle change which is to do with the...
  • Dan Sellers's WebLog

    Microsoft Release new Anti-XSS tool

    • 11 Comments
    Microsoft just released a new Anti-XSS tool that works with .NET Framework 1.0, 1.1 and 2.0. Anytime you echo user input back to the Web Page you are susceptible to either persistent or non-persistent cross-site scripting attacks. You can download the tool...
  • Dan Sellers's WebLog

    Sharing Forms Authentication between ASP.NET 1.1 and ASP.NET 2.0 Applications

    • 0 Comments
    As you start shifting from ASP.NET 1.1 to ASP.NET 2.0 development there may be instances where you want to be able to share Authentication cookies between different versions of your ASP.NET Web Sites. Due to another subtle security change made to Forms...
  • Dan Sellers's WebLog

    IIS and Multiple Version of .NET Framework

    • 1 Comments
    I have seen this question in forums as well as many emails on how to configure two versions of the .NET Framework to work with IIS for different sites. I thought I would share the steps outlined below that someone wrote: Install both versions...
  • Dan Sellers's WebLog

    ASP.NET 2.0 Security Training Modules and Videos!!!

    • 2 Comments
    The ASP.NET 2.0 and security team has released excellent training modules on ASP.NET 2.0 security, including labs, modules and videos. This covers such topics as XSS, SQL Injection and much more at: http://channel9.msdn.com/wiki/default.aspx/SecurityWiki...
  • Dan Sellers's WebLog

    Data Validation—Deny-list or Approve-list approach?

    • 4 Comments
    I think by now we all know that all data input from a Web UI should be considered evil until validated. We also know that data validation performed strictly on the client is not really there for security but rather better responsiveness to the End-Users...
  • Dan Sellers's WebLog

    Visual Studio 2005 Safe C and C++ (Safe CRT) Runtime Library

    • 2 Comments
    When Visual Studio 2005 was released in November 2005 there were many features announced and talked about extensively. However, I found one piece that was overlooked was the major changes made to the C and C++ Runtime Library to improve Security in your...
  • Dan Sellers's WebLog

    .NET Pet Shop 4

    • 1 Comments
    The .NET Pet Shop 4 sample application has now been released to MSDN. It is worthwhile looking at this application as it discusses how the application was migrated from ASP.NET 1.1 as well as highlighting the best practices for building n-tier ASP.NET 2...
  • Dan Sellers's WebLog

    ASP.NET How Do I Video Series

    • 2 Comments
    The ASP.NET team created a high quality video series on ASP.NET 2.0 – the How Do I video series. It covers many of the common tasks and many of the productivity benefits of the platform in short 15 minute digestible videos. This is a great resource...
  • Dan Sellers's WebLog

    Snippy—a cool UI tool for building Code Snippets

    • 0 Comments
    As I mentioned in my last blog entry, I think Code Snippets is one of my favorite features in Visual Studio 2005. However, I found creating snippets by marking up XML—at times—can be cumbersome, until now that is! Snippy is a simple but cool UI tool for building...
  • Dan Sellers's WebLog

    The Code Room: BREAKING INTO VEGAS!

    • 4 Comments
    The Code Room is an online ½ hour TV show focusing on developers and the programming challenges that they face. The latest show, in a very, very cool way, will demonstrate the impact of a hacked environment (a casino in the show) that has been penetrated...
  • Dan Sellers's WebLog

    Where are the Security Configuration Tools in .NET Fx 2.0?

    • 1 Comments
    When I recently installed only the v2.0 .NET redist package, I noticed that the .NET Configuration MMC was MIA and the only tool available was Caspol. Therefore, after some research I noticed with .NET Fx 2.0 many of the Security tools were moved to the...
  • Dan Sellers's WebLog

    ASMX 2.0, WSE 3.0 and WCF

    • 0 Comments
    Web Services were enhanced with the release of .NET Framework 2.0 and then came along WSE 3.0 in December 2005 and in January 2006 Microsoft announced GO-LIVE licensing for Windows Communication Foundation (formerly known as Indigo). If you are confused...
  • Dan Sellers's WebLog

    SN v2.0 Works With PFX Files

    • 1 Comments
    .NET Framework 2.0 sn tool has the ability to work with PKCS #12 PFX files in addition to SNK files. This offers the benefit of having your keys stored in encrypted format rather than the standard plain text. You can get more detailed information from...
  • Dan Sellers's WebLog

    New C# Code Snippets for Visual Studio 2005

    • 0 Comments
    I would have to rank Code Snippets as one of my favorite features added to Visual Studio 2005. But the code snippets that were initially available only for Visual Basic developers can now be downloaded for C# developers as well at: http://msdn.microsoft...
  • Dan Sellers's WebLog

    Plumbers@Work Episode 3 hits the street

    • 0 Comments
    We just finished our third episode of Plumbers at Work, Episode 3, for your listening pleasure. Show Notes: Introduction Around the Horn with the Plumbers Security March with Dan Sellers Microsoft Blacklisted C++ Libraries...
  • Dan Sellers's WebLog

    DACL guidance to writing Services

    • 0 Comments
    If you are writing Services for Windows then you need to read the just released Microsoft Knowledge Base article on Best Practices and Guidance for writers of Service discretionary access control lists. Service discretionary access control lists...
  • Dan Sellers's WebLog

    Web-Security v1.1 is now a Standard

    • 0 Comments
    The OASIS group has officially approved WS-Security v1.1 as a standard. Check out the official release from OASIS here
  • Dan Sellers's WebLog

    Windows Defender Beta 2 is now Out

    • 1 Comments
    Microsoft Windows Defender Beta 2 is a spyware protection program that I have personally been using on a few computers for several months now. I like how it automatically updates itself and how, for the most part, it keeps on running smoothly in the back...
  • Dan Sellers's WebLog

    MSDN Forums Integrated with Visual Studio 2005

    • 0 Comments
    If you have been using Visual Studio 2005 at least once you will have probably noticed that the Start Page has changed and receives RSS feeds from http://msdn.microsoft.com for WebCasts. Further yet if you have not noticed there is also a new menu called...
  • Dan Sellers's WebLog

    Security on the Brain

    • 1 Comments
    Are you interested in Security from a Developer perspective? Then check out the new MSDN Canada Security on the Brain Web Site. This site is dedicated to providing the latest information on Security for Developers as well as upcoming events such as the...
  • Dan Sellers's WebLog

    Windows OneCare Live--Get the Beta

    • 0 Comments
    It is hard to believe but approximately 70% of home computers are not using any software Firewall protection--such as the one that comes with Windows XP SP 2--or even any anti-virus software. And of course we can easily conclude that these home computers...
  • Dan Sellers's WebLog

    RSA 2006: Secure Software is up to Business

    • 0 Comments
    One of the themes discussed at RSA 2006 was Secure Software. Secure software is up to businesses and most businesses are not doing enough to build and buy securely written software, according to a panel of corporate security executives, academics and...
  • Dan Sellers's WebLog

    Team Foundation Server RC1 is Live

    • 1 Comments
    The Team Foundation Server Release Candidate bits, including upgrade utilities, are now available for download worldwide from the MSDN Subscriber Downloads. To upgrade from Beta3 Refresh to RTM, please follow these steps: Back up your server and...
  • Dan Sellers's WebLog

    SECURITY ON THE BRAIN Webcast Series

    • 0 Comments
    Wow! We currently have 1800 people registered for Security on the Brain Webcasts. There is still room, so if you want to learn more about developing secure software using Visual Studio 2005 and .NET Framework 2.0 then these five sessions for one hour...