DevDevin


Security

Anything related to security
Last week I attended the Black Hat DC 2008 Briefings. The following is a list of the presentations I saw, the key concepts discussed, as well as things I found interesting or didn’t know.

Summary of Black Hat DC 2008 Briefings
DAY 1 - Web App Track
Preparing for the Cross Site Request Forgery Defense
· A cross site request forgery (CSRF) can be used to force users to submit data to online web applications, sometimes manipulating their local cache or history.
· This vulnerability could make a user ......

Many antivirus programs are still susceptible to this evasion technique: Original post: http://blog.didierstevens.c... News article: http://www.vnunet.com/vnune... ......

Here is a pretty good introductory article on crypto in .NET: http://www.codeguru.com/csharp/.net/net_security/encryption/article.php/c14033__1/.

I just got done with a long afternoon of implementing a Windows Service to self-host my WCF service. It was a bit trickier than I thought it would be, so if I can save you the headache I'll be happy.
A good place to start is by reading these two MSDN articles:
http://msdn.microsoft.com/m...
http://msdn.microsoft.com/m...
Next, you'll want to understand these support articles:
http://msdn2.microsoft.com/... ......

I was curious to understand Kerberos on a much deeper level, so I decided to gather some resources in order to learn what was really going on under the hood:
Kerberos - Wikipedia.org: http://en.wikipedia.org/wik...
Kerberos Explained (Windows Server 2000): http://www.microsoft.com/te...
Introduction to Kerberos Webcast (Windows Server 2000): http://support.microsoft.co...
Kerberos Auth in ......

This review on rootkits might save you some day: http://www.informationweek.com/news/showArticle.jhtml?articleID=196901062&pgno=1.

For defence in depth, developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from most encoding libraries in that it uses the "principle of inclusions" technique to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The principle of inclusions approach provides a high degree of protection against ......

SecureString Class
Represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed. This class cannot be inherited.
Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)
http://msdn2.microsoft.com/... ......

David Litchfield has found an interesting new security vulnerability in Oracle databases and has also done a comparison on whether Oracle or SQL Server is more secure.
Dangling Cursor Snarfing: A New Class of Attack in Oracle - http://securitywatch.eweek....
Which Database is More Secure? Oracle vs. Microsoft - http://www.databasesecurity... ......

Two useful MSDN security articles on preventing SQL injection attacks:
Stop SQL Injection Attacks Before They Stop You: http://msdn.microsoft.com/m...
New SQL Truncation Attacks And How To Avoid Them: http://msdn.microsoft.com/m... ......

Full Security Archive