
 

Security

Managing Identity

Excellent white paper: “.NET Developer's Guide to Identity”. This white paper by Keith Brown explains different authentication and authorization mechanisms, and covers federated identity, ADFS, security in WCF, and a lot more. It is a boon for developers, as all the material is available in a single place.

InfoCard !!

  • MS Windows CardSpace Home - http://msdn.microsoft.com/w...
  • InfoCard blog(s): http://blogs.msdn.com/andyh...
  • Articles: First look at InfoCard

Will fill up the post as I read more info ...

Security Enhancements in .NET framework 2.0

The following materials explain the security enhancements in .NET Framework 2.0:

  • http://blogs.msdn.com/shawn...
  • http://msdn.microsoft.com/m...
  • http://msdn.microsoft.com/l...

Security Practices in ASP.NET 2.0: http://msdn.microsoft.com/l... ...

Basic questions for Security Code Review

The following are the main areas to look at in a security code review:

  • SQL injection
  • Cross-site scripting (CSS)
  • Data access
  • Input/data validation
  • Authentication
  • Authorization
  • Sensitive data
  • Unsafe code
  • Unmanaged code
  • Hard-coded secrets
  • Poor error handling
  • Web.config
  • CAS
  • Cryptography
  • Undocumented public interfaces
  • Thread racing problems

For details, look into Security Engineering Explained by MS Patterns and Practices. ...

One-click attacks: how to prevent them?

A one-click attack normally occurs when an attacker creates a prefilled web page (.htm or .aspx) containing view state. The view state is generated from a previously created page, e.g. a shopping cart page with, say, 50 items. The attacker then lures an unsuspecting user into browsing the page, which causes the page to be sent to the server, where the view state is valid. To prevent this kind of attack in .NET, set Page.ViewStateUserKey in the Page_Init event to a unique value per user, such as the username, or configured in web.config...

DOM based XSS attack

We have all heard of the cross-site scripting attack. Two types of cross-site scripting are normally explained everywhere. Non-persistent XSS normally occurs when the input is directly echoed to the browser, which causes the script in the input to execute. This script can steal the cookie using document.cookie and may post the values to the attacker's site. Persistent XSS occurs when the input (from the query string or form variables) is stored in the database and later retrieved to display it on...

Some nice articles on Security

  • How to Think about Security - By James A. Whittaker and Richard Ford
  • A Process for performing Security Code Review - By Michael Howard
  • Security in WCF - By Keith Brown

...

VS 2005 Security features and Tools

http://msdn.microsoft.com/s... - Lists and provides all security features and tools in VS 2005

 

 

Copyright © Parmeshwar Arewar