Dan Sellers's WebLog
A Passion for .NET Security
Wednesday, September 20, 2006 1:49 PM
Security Myth: Only Large Development Teams can Write Secure Code
I would recommend that you share this post on the http://blogs.msdn.com/S4CD with anyone who automatically cites resources as an excuse for not writing secure code. This is an extremely well documented example of how a small team can develop secure
Posted by dansellers | 1 Comment | Filed under: Security
Thursday, August 24, 2006 10:43 PM
IIS 6.0 and ASP.NET 2.0 Credentials--Part Two
The ASP.NET User Principal (HttpContext.User) clearly depends upon the authentication mechanism that you selected in the IIS 6.0 "Authentication Tab", and if you use Integrated Windows Authentication then it is dependent on the IIS impersonation token that
Posted by dansellers | 0 Comments | Filed under: Security
Thursday, August 24, 2006 12:34 PM
IIS 6.0 and ASP.NET 2.0 Credentials
The one area that many developers do not have a good grasp of is how authentication tokens from IIS 6.0 are passed to ASP.NET 2.0 and how these tokens can subsequently be used for authorization in an ASP.NET 2.0 Web Application. The one question that arises
Posted by dansellers | 0 Comments | Filed under: Security
Friday, March 24, 2006 12:26 AM
SQL Server 2005 Security for Developers Webcast for on-demand viewing is available
The on-demand Webcast of SQL Server 2005 for Developers, conducted on March 22, 2006, by Rob Walters (Program Manager, SQL Server Security) and me, is now available for on-demand viewing. Post Notes from this Webcast can be found at my blog. Look forward
Posted by dansellers | 1 Comment | Filed under: Security, OnLine Events
Wednesday, March 22, 2006 2:54 PM
Regenerating Keys in SQL Server 2005
In my latest Webcast on SQL Server 2005 Security, one of the questions that came up was: “If some fields of your table are encrypted and you are suspicious that the key has been revealed, can you re-encrypt all the fields with the regenerated key?” Currently,
Posted by dansellers | 1 Comment | Filed under: Security
Wednesday, March 22, 2006 1:59 PM
Post Webcast’s Notes: Securing SQL Server 2005 for Developers
This morning was a jam-packed session covering off a lot of changes made to Microsoft SQL Server 2005. Over the last few weeks we talked exclusively about Front End security issues such as Input trust and the creation of a Development and Design environment
Posted by dansellers | 3 Comments | Filed under: Security, OnLine Events
Sunday, March 19, 2006 1:59 PM
IOSEC and Anti-Cross Site Scripting Tool
Recently, Microsoft released the latest update to the Anti-Cross Site Scripting tool, which is part of a bigger plan known as the Microsoft IOSEC, an internal library. The IOSEC library currently implements encoding protection against XSS attacks conducted
Posted by dansellers | 0 Comments | Filed under: Security
Thursday, March 16, 2006 7:00 PM
Code Scanning Tools' WebCast for on-demand viewing is available
The on-demand version of the Visual Studio 2005 and Code Scanning Tools webcast, conducted on March 15, 2006, by Kevin Lam and me, is now available for on-demand viewing. Look forward to seeing everyone for next week's webcast.
Posted by dansellers | 0 Comments | Filed under: Security, OnLine Events
Wednesday, March 15, 2006 7:35 PM
Webcast's Post Notes: Visual Studio 2005 and Code Scanning Tools
In today’s webcast we had the opportunity to explore in depth the buffer overrun attack, which is considered one of the worst vulnerabilities that exist. Any code that is written in C or C++ (without proper security code reviews) on any platform is susceptible
Posted by dansellers | 1 Comment | Filed under: Security, OnLine Events
Tuesday, March 14, 2006 1:07 PM
Ops!!! SecurePasswordTextBox Update now Available
After last week's WebCast, in which I talked about the new System.Security.SecureString class as well as the cool SecurePasswordTextBox that Paul Glavs wrote, he experienced a sudden increase in downloads. You can read about it here! Recently, Paul has
Posted by dansellers | 0 Comments | Filed under: Security
Monday, March 13, 2006 9:17 PM
ASP.NET 2.0 and the new HTTP-only property
To minimize the threat of Cross Site scripting attacks, ASP.NET 1.1 introduced the ValidateRequest="true" on the @ Pages element. Recently, Microsoft improved the HttpUtility.HtmlEncode with the new Anti-XSS tool. But another subtle and equally important
Posted by dansellers | 0 Comments | Filed under: Security
Friday, March 10, 2006 12:05 PM
Least Privilege Development in Microsoft Windows Vista
In my last Webcast on Least Privilege I alluded to the fact that this was going to change with the release of Windows Vista. In fact, it is going to change significantly. Here is a white paper that provides an understanding of User Account Protection (UAP)
Posted by dansellers | 0 Comments | Filed under: Security
Friday, March 10, 2006 11:22 AM
Thoughts on Security Analogies
I thought I would share Michael Howard's recent blog on "Security Analogies are Wrong". I agree with Michael's take on Security Analogies, as I hear them all the time, but I thought his post was hilarious as he turns the tables with his counter analogy:
Posted by dansellers | 0 Comments | Filed under: Security
Friday, March 10, 2006 2:11 AM
Microsoft Threat Analysis & Modeling tool v 2.0 (Beta 2)
Today Microsoft released Beta 2 of the second version of the Threat Modeling and Analysis Tool for download. Microsoft has been using the Threat Modeling methodology as part of our Security Development Lifecycle for a few years now. Threat Modeling is
Posted by dansellers | 1 Comment | Filed under: Security
Thursday, March 09, 2006 10:02 AM
Answer to the Trivial Question
The answer to the trivial question from my blog based upon the March 8, 2006 WebCasts “Least Privilege Development and New System.Security Features” is below: Question: The KeyInfo element can consist of either a <KeyName/> or a <RetrievalMethod/>
Posted by dansellers | 0 Comments | Filed under: Security, OnLine Events