Welcome to MSDN Blogs Sign in | Join | Help

Security (RSS)

Identity Blogger's Blog Hacked

Sounds like one of those stories with a predictable punchline. But there's a surprise and I won't spoil it: My blog was hacked over the weekend. ... ZDNet broke the news on Monday - I was awakened by PR people. The headline read, “Microsoft privacy guru’s Read More...
Posted Thursday, November 01, 2007 9:26 AM by gduthie | 0 Comments
Filed under:

Download the XSSDetect Public Beta

This is definitely one tool you should be trying if you're writing web apps with Visual Studio. Cross-site scripting bugs are one of the most frequent classes of security issues in web apps, and as such any tool that can help you identify and remove these Read More...
Posted Wednesday, October 24, 2007 3:16 PM by gduthie | 1 Comments
Filed under:

"A la Vista" : Windows Live ID Web Authentication and the ASP.NET Development Server

Catherine Heller has posted a very detailed how-to on implementing the new web-auth for Windows Live ID ...as soon as I have a little extra time, I'm going to play around with this, in case I need it for http://www.madcodecamp.com/ . Windows Live ID Web Read More...
Posted Thursday, August 30, 2007 9:08 AM by gduthie | 0 Comments

ars technica on Windows Live ID

Some interesting info on the what, how and why of the Windows Live ID SDK : Microsoft recently opened up its Windows Live ID service to third-party web developers. Windows Live ID—formerly known as Microsoft Passport—is a web-based authentication service Read More...
Posted Sunday, August 26, 2007 12:15 PM by gduthie | 0 Comments
Filed under: ,

Windows Live ID - Platform Neutral

I know there are probably some folks who roll their eyes when Microsoft uses the term "platform-neutral" : Windows Live ID Web Authentication 1.0 SDK Brief Description The Windows Live™ ID Web Authentication 1.0 software development kit (SDK) gives you Read More...
Posted Friday, August 17, 2007 9:04 AM by gduthie | 1 Comments

New version of Anti-XSS library for ASP.NET

There's an updated version of the Anti-XSS (cross-site scripting) library that I blogged about a while back. Check it out here: http://msdn2.microsoft.com/en-us/security/aa973814.aspx Read More...
Posted Friday, April 20, 2007 9:41 AM by gduthie | 0 Comments
Filed under: ,

Interesting Security Article

It only covers a six-month snapshot, but the conclusions run counter to popular wisdom: http://www.internetnews.com/security/article.php/3667201 Read More...
Posted Thursday, March 22, 2007 11:39 AM by gduthie | 0 Comments
Filed under:

P&P Security WIKI

Looking for developer security info? Check out the Patterns & Practices Security WIKI on Channel 9 . Read More...
Posted Tuesday, November 14, 2006 12:13 PM by gduthie | 0 Comments
Filed under:

FAQ Friday tomorrow with Special Guest Randy Hayes

Join us for the next FAQ Fridays devBrainPick event tomorrow at noon eastern time, when we'll have special guest Randy Hayes joining us to discuss Least Privilege and software development. Randy Hayes is the President of the Central Maryland Association Read More...
Posted Thursday, November 09, 2006 7:23 AM by gduthie | 0 Comments

NoVaSQL October Meeting

From my friends at NoVaSQL : Everyone, The Northern Virginia SQL Server Users Group ( www.novasql.com ) is announcing its next session for 2006 to benefit IT Professionals (DBAs, Developers, Admins, etc.) in the Northern Virginia, Washington DC and Maryland Read More...
Posted Monday, October 23, 2006 9:07 AM by gduthie | 0 Comments
Filed under: , , ,

Have kids or family members on the web?

Help them stay safe ... Read More...
Posted Tuesday, August 22, 2006 1:10 PM by gduthie | 1 Comments
Filed under:

Who are you?

More importantly, who is that accessing your site? Want to find out more easily? Check out the new MSDN Identity and Access Management developer center . Read More...
Posted Friday, July 28, 2006 5:01 PM by gduthie | 0 Comments
Filed under: ,

Reducing UAC prompts

I've been somewhat lax in my postings on least privilege of late, in part because I've been pretty pleased with what I've been seeing in Windows Vista for low privilege, which we call the User Access Control (UAC) feature. UAC allows you to run as either Read More...
Posted Wednesday, July 26, 2006 3:05 PM by gduthie | 0 Comments

Planning for Regulatory Compliance

Are you responsible for managing or planning how your organization will deal with regulatory compliance with things like SOx, HIPAA, or other regulations? You might want to check out the Regulatory Compliance Planning Guide . Read More...
Posted Wednesday, July 26, 2006 2:42 PM by gduthie | 0 Comments
Filed under:

Using applicationName to enable credential sharing in ASP.NET 2.0

One of the things many folks want to do as soon as they start playing with the Membership provider in ASP.NET 2.0 is to share a single credential database across multiple applications. And of course, most folks don't want to just run their applications Read More...
Posted Wednesday, July 26, 2006 2:30 PM by gduthie | 0 Comments
Filed under: ,
More Posts Next page »
 
Page view tracker