Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » .NET   (RSS)

TAM v3.0 beta is live!

A new version of threat analysis and modeling tool has been released. This version has significant improvements from previous version as identified in previous posts. You can find more information on the download link and bugs link from TAM 3.0 Beta is Read More...
Posted Tuesday, July 21, 2009 7:33 PM by anilkr | 0 Comments
Filed under: ,

Connection String Injection Attack

Today I was looking at some new classes in .NET 2.0 and stumbled across DbConnectionStringBuilder class. This class provides compile time checks around building connection strings with user input. If you are constructing connection string dynamically Read More...
Posted Monday, July 20, 2009 10:58 PM by anilkr | 0 Comments
Filed under: ,

AJAX approach to localizing Date Time

I am pretty confident most of you people out there have developed web applications for global use which display date time according to the user’s local time zone. Although it is possible to do this on the server side, it is very efficient and easy to Read More...
Posted Friday, May 29, 2009 4:48 PM by anilkr | 0 Comments
Filed under: ,

System.Security.SecureString Part II

Second part of the SecreString blog post. Check it out at http://blogs.msdn.com/cisg/archive/2008/12/17/secure-string-in-net-part-ii.aspx . Thanks RV Read More...
Posted Thursday, December 18, 2008 12:11 AM by anilkr | 0 Comments
Filed under: ,

How the Anti-XSS 3.0 SRE Works

Published a new blog on how SRE works internally. Kind of a starter course on Anti-XSS SRE code. Check it out at How the Anti-XSS 3.0 SRE Works . Thanks RV Read More...
Posted Tuesday, December 16, 2008 7:03 PM by anilkr | 0 Comments
Filed under: ,

Anti-XSS Webcast

On January 9th there will be a webcast on technet about Anti-XSS v3.0. This will showcase some of the improvements done to the Anti-XSS library. The webcast registration url is http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032398771&Culture=en-US Read More...
Posted Wednesday, December 10, 2008 1:13 AM by anilkr | 0 Comments
Filed under: , , ,

Security Deployment Review Tool Webcast

Deployment Reviews is a process to check a host for security settings, mostly those affect the applications that are hosted on that. A technet webcast has been scheduled to reveal an automated tool to check for deployment security settings. The webcast Read More...
Posted Thursday, December 04, 2008 5:48 PM by anilkr | 0 Comments
Filed under: , ,

Oslo M Language

The M language is awesome, I have been experimenting with it for quite some time now. it allows you to create models of types in a descriptive language. The idea behind M language is to capture developers intent in a descriptive language for modeling Read More...
Posted Monday, November 10, 2008 9:58 PM by anilkr | 0 Comments
Filed under:

SECURITY Q&A #1

From a security perspective what's wrong with this code? 1: <html> 2: <head> 3: <title>Welcome Page</title> 4: <script language= "JavaScript" > 5: function openNewWindow() 6: { 7: window.open( '<%=Server.HtmlEncode(Request.QueryString["URL"])%>' Read More...
Posted Friday, November 07, 2008 12:37 AM by anilkr | 0 Comments
Filed under: ,

Developer Security IQ

There is a very good article on MSDN magazine about security bugs. A good Q&A to determine your security IQ. Check it out at http://msdn.microsoft.com/en-us/magazine/cc982154.aspx . In this spirit I will try to post some security Q&A specially Read More...
Posted Friday, November 07, 2008 12:07 AM by anilkr | 0 Comments
Filed under: ,

Security Runtime Engine

We have been working on this project for some time now. It is a http module to protect web applications from certain attacks. http://blogs.msdn.com/cisg/archive/2008/10/24/a-sneak-peak-at-the-security-runtime-engine.aspx Thanks RV Read More...
Posted Friday, October 24, 2008 6:12 PM by anilkr | 0 Comments
Filed under: , ,

System.Security.SecureString in .NET

Varun in our team has posted part I of series about SecureString in .NET. Awesome blog entry talks about internal details on how secure strings work in .NET with some samples. Check it out at http://blogs.msdn.com/cisg/archive/2008/10/08/secure-strings-in-net-part-i.aspx Read More...
Posted Wednesday, October 08, 2008 10:50 PM by anilkr | 1 Comments
Filed under: ,

XmlDocument vs XElement Performance

I have been using XElement class a lot lately, I was doing some performance tests on this to figure out the difference between this and XmlDocument class and here is what I found. First of all XElement class is part of .NET Framework 3.5, it was introduced Read More...
Posted Wednesday, October 08, 2008 10:46 PM by anilkr | 6 Comments
Filed under: ,

AntiXss Encoding and ASP.NET Data Binding

It's been a while since I posted my last blog entry. This time it is on few ASP.NET data binding scenarios and how you should use AntiXss encoding. Very important for ASP.NET developers. Check it out on our team blog at http://blogs.msdn.com/cisg/archive/2008/10/01/asp-net-data-binding-and-antixss-encoding.aspx Read More...
Posted Wednesday, October 01, 2008 7:23 PM by anilkr | 0 Comments
Filed under: , ,

HTML Encoding of ASP.NET Controls

Ever wonder which controls need HTML encoding, this is a developer nightmare. We have looked at some common controls that most of developers use and determined which properties need HTML encoding. I have posted the blog entry on our team site, check it Read More...
Posted Wednesday, September 17, 2008 6:43 PM by anilkr | 0 Comments
Filed under: , ,
More Posts Next page »
 
Page view tracker