DotNetShoutout - Stories tagged with Security
8
Shouts

Cracking a Microsoft contest or why Silverlight-WCF security is important

published 905 days, 9 hours, 11 minutes ago posted by sandrino 909 days, 12 hours, 34 minutes ago
Monday, December 27, 2010 12:07:02 PM GMT Thursday, December 23, 2010 8:43:36 AM GMT
Now there I was playing the game while I was debugging an application with Fiddler when I noticed something... the Silverlight was communicating with a WCF service. Nothing special here, were it not for the fact that after some time I was able to access the list of all high scores, insert my own highscore (which could make me win a Windows Phone or a laptop), ... After doing a few tests I notified Microsoft Belgium, but I guess someone already took advantage of this 'exploit'. The top score is someone... (more)
category: Metro | clicked: 1 | 1 comment | | source: sandrinodimattia.net
tags: Silverlight, Security, WCF
6
Shouts

ASP.NET and WIF: Showing custom profile username as User.Identity.Name

published 905 days, 9 hours, 11 minutes ago posted by gpeipman 909 days, 20 hours, 6 minutes ago
Monday, December 27, 2010 12:07:02 PM GMT Thursday, December 23, 2010 1:11:57 AM GMT
I am building an ASP.NET MVC application that uses external services to authenticate users. For ASP.NET, users are fully authenticated when they are redirected back from the external service. In the system they are logically authenticated when they have created user profiles. In this posting I will show you how to force ASP.NET MVC controller actions to demand existence of custom user profiles. (more)
category: Web Dev | clicked: 4 | 3 comments | | source: weblogs.asp.net
tags: Security, WIF, ASP.NET
3
Shouts

OWASP Top 10 for .NET developers part 6: Security Misconfiguration

published 912 days, 2 hours, 58 minutes ago posted by http://troyhunt.myopenid.com/ 912 days, 15 hours, 34 minutes ago
Monday, December 20, 2010 6:20:11 PM GMT Monday, December 20, 2010 5:43:49 AM GMT
If your app uses a web server, a framework, an app platform, a database, a network or contains any code, you’re at risk of security misconfiguration. So that would be all of us then. This is where security configuration (or misconfiguration, as it may be), comes into play. How configurable settings within the app are handled – not code, just configurations – can have a fundamental impact on the security of the app. Fortunately, it’s not hard to lock things down pretty tightly, you just need to know wher... (more)
category: Web Dev | clicked: 1 | comment | | source: www.troyhunt.com
tags: Security, Configuration, OWASP
4
Shouts

.NET Encryption - Part 1

published 945 days, 19 hours, 29 minutes ago posted by brunomarques 946 days, 19 hours, 54 minutes ago
Wednesday, November 17, 2010 1:49:00 AM GMT Tuesday, November 16, 2010 1:24:15 AM GMT
First article of a series covering .NET Encryption. This first article offers a brief overview of concepts like symmetric, asymmetric encryption and hashing (more)
category: Architecture | clicked: 0 | comment | | source: geeklyeverafter.blogspot.com
tags: .NET, Security, Encryption, Cryptography
2
Shouts

Add your OWN server role in DENALI

posted by sqlarticles 948 days, 7 hours, 17 minutes ago
Sunday, November 14, 2010 2:00:58 PM GMT
Microsoft this week unveiled its newest version of SQL Server, code named DENALI, which most probably will be known as SQL Server 2011. I have had a bit of a play around with the new version and found some of the new features being added to the Database engine. The first coolest thing that I looked at was NEW server roles. Starting from Denali you can create user-def... (more)
category: Data | clicked: 0 | comment | | source: sql-articles.com
tags: Security, server role, denali
6
Shouts

MSDN Magazine: Security Briefs - Web Application Configuration Security Revisited

published 957 days, 3 hours, 26 minutes ago posted by https://me.yahoo.com/mosessaur#7fe0d 959 days, 9 hours, 31 minutes ago
Friday, November 05, 2010 5:51:43 PM GMT Wednesday, November 03, 2010 11:46:53 AM GMT
Bryan Sullivan follows up on configuration security with some relatively obscure—but important—web.config settings that should be addressed, and discusses a new free tool to help you find potential problems. (more)
category: Architecture | clicked: 0 | comment | | source: msdn.microsoft.com
tags: Security, Web applications, Web application, MSDN, MSDN Magazine
4
Shouts

OWASP Top 10 for .NET developers part 5: Cross-Site Request Forgery (CSRF)

published 960 days, 1 hour, 40 minutes ago posted by http://troyhunt.myopenid.com/ 961 days, 12 hours, 14 minutes ago
Tuesday, November 02, 2010 7:38:27 PM GMT Monday, November 01, 2010 9:04:02 AM GMT
If you’re anything like me, your browser tab bar is probably flush with a bunch of different sites all presently authenticated to and sitting idly by waiting for your next HTTP instruction to update your status, accept your credit card or email your friends. And then there’s all those sites which, by virtue of the ubiquitous “remember me” checkbox, don’t appear open in any browser sessions yet remain willing and able to receive instruction on your behalf. This post looks at securing your .NET code agains... (more)
category: Web Dev | clicked: 0 | comment | | source: www.troyhunt.com
tags: Security, Csrf, OWASP
5
Shouts

Protect Your ASP.NET App From SQL Parameter Injection

published 971 days, 19 hours, 54 minutes ago posted by Judo 972 days, 17 hours, 52 minutes ago
Friday, October 22, 2010 1:23:36 AM GMT Thursday, October 21, 2010 3:25:45 AM GMT
Securing your ASP.NET web app from SQL Injection attacks is paramount in the design of any ASP.NET app. Say you are viewing a transaction of customer #448, and your URL looks something like www.myapplication.com/customer.aspx?customerID=448. What is to stop customer 448 from typing in 449, and viewing another customer’s transaction details? The situation can even escalate into typing in complete SQL statements and executing them inside the original statements you have coded. Checking for let’s say a custom... (more)
category: Web Dev | clicked: 0 | comment | | source: www.aspnet101.com
tags: Security, SQL Injection
3
Shouts

Protecting asp.net machine keys and connection strings

published 975 days, 6 hours, 42 minutes ago posted by http://eglasius.blogspot.com/ 979 days, 5 hours, 49 minutes ago
Monday, October 18, 2010 2:36:01 PM GMT Thursday, October 14, 2010 3:28:57 PM GMT
Last month I blogged about how the asp.net padding oracle vulnerability related to getting different levels of access to the application, where part of it involved gaining access to unprotected machine keys at the web.config of the affected sites. While Microsoft's patch that closes the vulnerability is already on Windows Update and other distribution channels, it doesn't mean we shouldn't pay attention to keeping important access information of our application out of harm's way. Protecting config s... (more)
category: Web Dev | clicked: 0 | comment | | source: eglasius.blogspot.com
tags: Security, Padding Oracle, ASP.NET
4
Shouts

ASP.NET Security Fix Now on Windows Update - ScottGu's Blog

published 991 days, 52 minutes ago posted by raju 991 days, 14 hours, 17 minutes ago
Saturday, October 02, 2010 8:26:24 PM GMT Saturday, October 02, 2010 7:01:25 AM GMT
Earlier this week I blogged about the availability of a patch on the Microsoft Download Center to fix the recent ASP.NET Security Vulnerability. Today we also made it possible to update systems through Windows Update (WU) and Windows Server Update Services (WSUS).  This enables administrators to more easily streamline patch installs, and enables you to take advantage of the WU/WSUS infrastructure to detect which patches you should install based on what versions of .NET are on your system. Please make s... (more)
category: Web Dev | clicked: 0 | comment | | source: weblogs.asp.net
tags: .NET, Security, Community News, ASP.NET
3
Shouts

ASP.NET security hole patch

posted by http://agafonovslava.blogspot.com/ 993 days, 13 hours, 33 minutes ago
Thursday, September 30, 2010 7:44:28 AM GMT
Microsoft has published a Security Advisory (2416728) about a security vulnerability in ASP.NET on Saturday, September 18th. This vulnerability exists in all versions of ASP.NET and was publicly disclosed late Friday at a security conference. Scott Guthrie has provided information on workarounds (please see Important: ASP.NET Security Vulnerability and ASP.NET Security Vulnerability) to prevent attackers from using this security hole against their ASP.NET. To help with Microsoft’s. (more)
category: Web Dev | clicked: 0 | comment | | source: blog.agafonov.net.ua
tags: Security, ASP.NET Security Hole, ASP.NET
13
Shouts

ASP.NET Security Update Now Available - ScottGu's Blog

published 993 days, 16 hours, 23 minutes ago posted by raju 994 days, 23 hours, 54 minutes ago
Thursday, September 30, 2010 4:54:55 AM GMT Tuesday, September 28, 2010 9:23:59 PM GMT
This morning Microsoft released a security update that addresses the ASP.NET Security Vulnerability that I’ve blogged about this past week.  We recommend installing it as soon as possible on your web-servers. Common Questions/Answers Below are some answers to a few common questions people have asked: Do the updates require me to change any code? No. The update should not require any code or configuration change to your existing ASP.NET applications. Will I still need to use the workarounds after I i... (more)
category: Web Dev | clicked: 0 | comment | | source: weblogs.asp.net
tags: .NET, Security, ScottGu, ASP.NET
13
Shouts

ASP.NET Security Update Shipping Tuesday, Sept 28th - ScottGu's Blog

published 994 days, 8 hours, 59 minutes ago posted by raju 995 days, 15 hours, 1 minute ago
Wednesday, September 29, 2010 12:18:45 PM GMT Tuesday, September 28, 2010 6:17:18 AM GMT
An hour ago Microsoft released an advance notification security bulletin announcing that we are releasing an out-of-band security update to address the ASP.NET Security Vulnerability that I’ve blogged about this past week.  The security update is fully tested, and is scheduled for release tomorrow - Tuesday September 28th – at approximately 10:00 AM PDT.  The advance notice bulletin is intended to ensure administrators know it is coming, and are better prepared to apply it once the update is available. ... (more)
category: Web Dev | clicked: 0 | comment | | source: weblogs.asp.net
tags: .NET, Security, ScottGu, ASP.NET
7
Shouts

Update on ASP.NET Vulnerability - ScottGu's Blog

published 996 days, 9 hours, 27 minutes ago posted by raju 998 days, 3 hours, 21 minutes ago
Monday, September 27, 2010 11:50:34 AM GMT Saturday, September 25, 2010 5:56:42 PM GMT
Earlier this week I posted about an ASP.NET Vulnerability, and followed this up with another blog post that covers some Frequently Asked Questions about it. We are actively working on releasing a security update that fixes the issues, and our teams have been working around the clock to develop and test a fix that is ready for broad distribution across all Windows platforms via Windows Update. I’ll post details about this once it is available. Revised Workaround and Additional URLScan Step In my first bl... (more)
category: Web Dev | clicked: 0 | comment | | source: weblogs.asp.net
tags: .NET, Security, ScottGu, ASP.NET
3
Shouts

Frequently Asked Questions about the ASP.NET Security Vulnerability - Scott Guthrie

published 1000 days, 2 hours, 29 minutes ago posted by jantu 1001 days, 1 hour, 51 minutes ago
Thursday, September 23, 2010 6:48:59 PM GMT Wednesday, September 22, 2010 7:26:36 PM GMT
Two days ago I published an important blog post about a security vulnerability in ASP.NET.  In it I discussed a workaround that we recommend customers use to help prevent attackers from using the vulnerability against your applications. Below are answers to some common questions people have asked since then about the vulnerability. Is Microsoft going to release an update to fix the vulnerability? Yes.  We are working on an update to ASP.NET that we will release via Windows Update once it has been thor... (more)
category: Web Dev | clicked: 0 | comment | | source: weblogs.asp.net
tags: .NET, Security, Community News, ASP.NET
2
Shouts

Attempted to read or write protected memory : The CodeGain

posted by codegain 1002 days, 20 hours, 6 minutes ago
Tuesday, September 21, 2010 1:12:05 AM GMT
Attempted to read or write protected memory. This is often an indication that other memory has been corrupted. (more)
category: Web Dev | clicked: 1 | comment | | source: www.codegain.com
tags: .NET, Security
2
Shouts

Access to the path xxx is denied ASP.NET is not authorized to access the requested resource : The CodeGain

posted by codegain 1002 days, 20 hours, 7 minutes ago
Tuesday, September 21, 2010 1:11:18 AM GMT
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. (more)
category: Web Dev | clicked: 0 | comment | | source: www.codegain.com
tags: Security, ASP.NET 4.0
4
Shouts

Fear, uncertainty and the padding oracle exploit in ASP.NET

published 1003 days, 8 hours, 47 minutes ago posted by http://troyhunt.myopenid.com/ 1004 days, 9 hours, 36 minutes ago
Monday, September 20, 2010 12:31:05 PM GMT Sunday, September 19, 2010 11:41:45 AM GMT
Here’s a good look at what the padding oracle exploit does to ASP.NET apps and how Scott Guthrie’s mitigation guidance makes good sense. If you’re responsible for an ASP.NET web app, this affects YOU. (more)
category: Web Dev | clicked: 0 | comment | | source: www.troyhunt.com
tags: .NET, Security
2
Shouts

Code Access Security Cheat Sheet

published 1006 days, 6 hours, 47 minutes ago posted by brunomarques 1007 days, 4 hours, 46 minutes ago
Friday, September 17, 2010 2:30:59 PM GMT Thursday, September 16, 2010 4:31:32 PM GMT
A free and simple cheat sheet about .NET Code Access Security, more specifically about the declarative and imperative way of dealing with permissions. (more)
category: Architecture | clicked: 0 | comment | | source: geeklyeverafter.blogspot.com
tags: .NET, Security, CAS
3
Shouts

OWASP Top 10 for .NET developers part 4: Insecure direct object reference

posted by http://troyhunt.myopenid.com/ 1016 days, 9 hours, 9 minutes ago
Tuesday, September 07, 2010 12:09:17 PM GMT
Consider for a moment the sheer volume of information that sits out there on the web and is accessible by literally anyone. No authentication required, no subversive techniques need be employed, these days just a simple Google search can turn up all sorts of things. It’s no wonder developers often implement solutions with the full expectation it will only ever be accessed in the intended context, unaware (or unconcerned) that just a little bit of exploration and experimenting can open some fairly major ... (more)
category: Web Dev | clicked: 2 | comment | | source: www.troyhunt.com
tags: Security, OWASP