DotNetShoutout - Stories tagged with Security
2
Shouts

Back to Basic – ASP.NET Runtime Impersonation

published 1015 days, 14 hours, 6 minutes ago posted by gilf 1016 days, 13 hours, 48 minutes ago
Wednesday, September 08, 2010 11:34:27 AM GMT Tuesday, September 07, 2010 11:52:16 AM GMT
Today I got a question from one of the developers at my main customer. The question was how to move an uploaded file from an ASP.NET server to a file server on the network. The answer is of course by impersonating. In this post I’ll explain how you can make ASP.NET impersonation and in more details how to make runtime impersonation. (more)
category: Web Dev | clicked: 0 | comment | | source: blogs.microsoft.co.il
tags: Security, ASP.NET
4
Shouts

ASP.NET ViewState Security

posted by Judo 1021 days, 11 hours, 41 minutes ago
Thursday, September 02, 2010 1:59:24 PM GMT
ASP.NET ViewState data is stored in a single Base64-encoded string such as this: id="__VIEWSTATE" value="dDw3NDg2NdTI5MDg7Ozr4="/> Since this value is not formatted in clear text, developers sometimes assume that their ViewState data is encrypted, which is most certainly not the case. This data string can be reverse-engineered and then viewed. This is an obvious security issue if sensitive data is being stored in ViewState. To make ViewState secure, there are two choices, hash codes and ViewStat... (more)
category: Web Dev | clicked: 1 | comment | | source: www.aspnet101.com
tags: Security, ViewState
5
Shouts

Rich Internet Applications: The Next Frontier of Corporate Development - Security from eWeek

published 1027 days, 9 hours, 20 minutes ago posted by webgui 1028 days, 13 hours, 7 minutes ago
Friday, August 27, 2010 4:19:51 PM GMT Thursday, August 26, 2010 12:33:00 PM GMT
What about RIAs? Is the security picture any better for these platforms? (more)
category: Web Dev | clicked: 3 | comment | | source: www.eweek.com
tags: Cloud, RIA, Security, Programming, Development, Web, IT, Ajax, applications
3
Shouts

C# Security – Using Hashing

published 1030 days, 12 hours, 37 minutes ago posted by Judo 1031 days, 14 hours, 38 minutes ago
Tuesday, August 24, 2010 1:03:07 PM GMT Monday, August 23, 2010 11:02:43 AM GMT
Hashing is a method of one-way encryption which is ideal for storing passwords in a database, as you may never require a decrypted version. To authenticate some data, simply hash what the user input and compare it with the data stored in the database. A hash code will always be a small fixed size irrespective of the data length of the source. This makes hashing ideal for comparing files or identifying errors in a data stream (similar to a checksum). A single-bit alteration in any part of the source... (more)
category: Architecture | clicked: 0 | comment | | source: www.csharphelp.com
tags: Security, C#, Hashing
3
Shouts

Windows Server File Level Security

posted by Judo 1035 days, 16 hours, 16 minutes ago
Thursday, August 19, 2010 9:24:20 AM GMT
Files on Windows Server are only as secure as their permissions. Thus, it is essential to know that Windows Server 2008 R2 does not give the Everyone group full control over NTFS-level and share-level. Additionally, important system files and directories are secured to prevent unauthorized access. This is a definite improvement over previous versions of Windows Server, but a solid understanding of file-level security is still important to fully ensure the security of files on Windows Server. Underst... (more)
category: Architecture | clicked: 0 | comment | | source: www.winserverhelp.com
tags: Security, Windows Server 2008 R2
5
Shouts

New white paper: Windows Azure Security Overview

published 1041 days, 14 hours, 36 minutes ago posted by cechov 1042 days, 14 hours, 13 minutes ago
Friday, August 13, 2010 11:04:45 AM GMT Thursday, August 12, 2010 11:27:26 AM GMT
New white paper on Windows Azure security (more)
category: Web Dev | clicked: 0 | 1 comment | | source: www.moredev.com
tags: Security, Azure
6
Shouts

Federated Identity - Passive Authentication for ASP.NET with WIF

published 1049 days, 16 hours, 2 minutes ago posted by https://me.yahoo.com/mosessaur#7fe0d 1050 days, 17 hours, 33 minutes ago
Thursday, August 05, 2010 9:37:51 AM GMT Wednesday, August 04, 2010 8:07:48 AM GMT
The goal of federated security is to provide a mechanism for establishing trust relationships between domains. Platform tools like Windows Identity Foundation (WIF) make it much easier to support this type of identity federation. We show you how. (more)
category: Web Dev | clicked: 3 | comment | | source: msdn.microsoft.com
tags: Security, WIF, ASP.NET
9
Shouts

How to access a newly installed SQL Server 2008 R2 instance if you do not know the login and password

published 1054 days, 13 hours, 24 minutes ago posted by jacobsebastian 1055 days, 19 hours, 51 minutes ago
Saturday, July 31, 2010 12:16:00 PM GMT Friday, July 30, 2010 5:49:32 AM GMT
This post shows a work around to access a newly installed SQL Server 2008 R2 instance in case you forgot/lost the login name and password (more)
category: Data | clicked: 6 | comment | | source: beyondrelational.com
tags: Security, DBA, SQLServer, workaround
5
Shouts

Working with SQL Server Logins | Just Like a Magic

posted by http://elsheimy.myopenid.com/ 1057 days, 6 hours, 49 minutes ago
Wednesday, July 28, 2010 6:51:10 PM GMT
This lesson discusses all the details of SQL Server logins. It begins by discussing how to create SQL Server logins. After that, it focuses on how to change the properties of an existing login. Next, it discusses how to delete an existing login. Moreover, we will focus on how to enumerate a list of existing logins and roles. Lastly, we will take a look at how to manage login permissions in SQL Server. In addition, we will link between SQL Server and .NET Framework and we will teach you many techniques other... (more)
category: Data | clicked: 0 | comment | | source: justlikeamagic.com
tags: SQL Server, .NET, Security, T-SQL
6
Shouts

Identity & SecurityCallContext in WCF « Sankarsan’s Journal

published 1058 days, 15 hours, 48 minutes ago posted by http://sankarsan.myopenid.com/ 1060 days, 9 hours, 53 minutes ago
Tuesday, July 27, 2010 9:52:03 AM GMT Sunday, July 25, 2010 3:47:28 PM GMT
In a Windows environment every process (or code) executes under some valid user identity which is nothing but an authenticated Windows account. In .NET Framework we have the interface System.Security.Principal.IIdentity which provides the basic definition of identity....... (more)
category: How To | clicked: 2 | comment | | source: sankarsan.wordpress.com
tags: Security, ServiceSecurityContext, WCF
6
Shouts

Securing web application against harmful SQL injections

published 1067 days, 13 hours, 5 minutes ago posted by alexandermp 1068 days, 11 hours, 48 minutes ago
Sunday, July 18, 2010 12:34:51 PM GMT Saturday, July 17, 2010 1:52:25 PM GMT
Ways to secure an application from SQL injections, for any application size and system complexity. (more)
category: Architecture | clicked: 0 | comment | | source: alexandermp.com
tags: Security
4
Shouts

ASP.NET Membership - Handling Authenticated Users that are Not Authorized - Joe Stagner

published 1069 days, 13 hours, 5 minutes ago posted by jantu 1070 days, 7 hours, 7 minutes ago
Friday, July 16, 2010 12:35:23 PM GMT Thursday, July 15, 2010 6:33:38 PM GMT
If the user does not have an account on the web site, they will need access to the “Register.aspx” page in order to create one. This resource-specific access is provided via the (more)
category: Web Dev | clicked: 5 | comment | | source: misfitgeek.com
tags: roles, Security, Microsoft, Tutorial, Membership, code, ASP.NET
8
Shouts

Adding ASP.NET Membership to your OWN Database - Joe Stagner

published 1070 days, 12 hours, 17 minutes ago posted by jantu 1072 days, 14 hours, 59 minutes ago
Thursday, July 15, 2010 1:22:57 PM GMT Tuesday, July 13, 2010 10:41:00 AM GMT
ScottGu forwarded me an email from a developer this weekend who wanted to use ASP.NET Membership in an application deployed on a shared hosting account that allows only one SQL Server database. It’s not all that difficult to add ASP.NET membership (as well as other ASP.NET services) to your existing database. ASP.NET doesn’t really care where the information repository for its built-in services lives as long as they are complete. The database that contains the ASP.NET Application Services repository i... (more)
category: How To | clicked: 16 | comment | | source: misfitgeek.com
tags: Security, custom, Membership, ASP.NET
7
Shouts

jon torresdal - Screen Cast: Windows Identity Foundation and Active Directory Federation Services

published 1087 days, 13 hours, 32 minutes ago posted by http://jon.torresdal.net/ 1089 days, 14 hours, 4 minutes ago
Monday, June 28, 2010 12:07:55 PM GMT Saturday, June 26, 2010 11:36:41 AM GMT
A few months back I went on a tour with MSDN Live here in Norway talking about WIF and ADFS. These talks were recorded, but only in Norwegian, so I did a screen cast of the same talk in English. This will eventually be available on Channel9, but until then I’ve made it available here. WIF together with AD FS 2.0 really made it easy to do federation with partner organizations whic... (more)
category: Web Dev | clicked: 2 | 1 comment | | source: blog.torresdal.net
tags: Security, ADFS, WIF, STS, Federation, ASP.NET
4
Shouts

A smart method to create piracy-proof, retro-compatible serials

published 1096 days, 12 hours, 53 minutes ago posted by Tabbles 1097 days, 16 hours, 31 minutes ago
Saturday, June 19, 2010 12:47:38 PM GMT Friday, June 18, 2010 9:09:16 AM GMT
HELLO WORLD While looking for a solution to this keygen thingy, I started a thread on Joels on Software. One guy named Rui came out with a really smart concept, so smart and simple that we didn’t think of it first (here) and I tell my ideas about the benefits of such approach here. Then conversation goes on, I get moved and can’t help showing our love to our ... (more)
category: Smart Client | clicked: 0 | comment | | source: tabbles.net
tags: hacking, Security, tabbles, serial, keygen, Piracy
5
Shouts

Creating Secure Strings

published 1099 days, 14 hours, 57 minutes ago posted by BlackWasp 1100 days, 4 hours, 41 minutes ago
Wednesday, June 16, 2010 10:42:58 AM GMT Tuesday, June 15, 2010 8:59:30 PM GMT
Highly confidential information, such as passwords or banking details, should be encrypted in memory during use to reduce the risk that it may be revealed to malware or forensic examination. The SecureString class provides this encryption automatically. (more)
category: How To | clicked: 0 | comment | | source: www.blackwasp.co.uk
tags: .NET, Security, C#
4
Shouts

Piracy in .NET Code – Part 2 – Even when the code is obfuscated « Naveen's Blog

published 1114 days, 14 hours, 59 minutes ago posted by reshmi 1115 days, 13 hours, 4 minutes ago
Tuesday, June 01, 2010 10:41:04 AM GMT Monday, May 31, 2010 12:36:18 PM GMT
Continuing with my previous post, one of the biggest security holes I have noticed in certain applications is using unsecure Network I/O communication, especially when activating a license. I have seen software where they have used the best tool to obfuscate the code, it is extremely hard to disassemble this. But lose out by invoking a web service with plaintext xml for registration and communication. Like I mentioned in my previous post, I am not going to be discussing how to solve this problem. I have... (more)
category: Architecture | clicked: 0 | comment | | source: naveensrinivasan.wordpress.com
tags: Security, Obfuscation
4
Shouts

OWASP Top 10 for .NET developers part 2: Cross-Site Scripting (XSS)

published 1121 days, 12 hours, 57 minutes ago posted by http://troyhunt.myopenid.com/ 1122 days, 14 hours, 29 minutes ago
Tuesday, May 25, 2010 12:43:13 PM GMT Monday, May 24, 2010 11:11:21 AM GMT
In the first post of this series I talked about injection and of most relevance for .NET developers, SQL injection. This exploit has some pretty severe consequences but fortunately many of the common practices employed when building .NET apps today – namely accessing data via stored procedures and ORMs – mean most apps have a head start on fending off attackers. Cross-site scripting is where things begin to get really interesting, starting with the fact that it’s by far and away the most commonly exploi... (more)
category: Web Dev | clicked: 0 | comment | | source: www.troyhunt.com
tags: Security, XSS, OWASP
5
Shouts

Data Security Scenarios on Azure - J.D. Meier

published 1125 days, 13 hours, 18 minutes ago posted by jantu 1126 days, 14 hours, 10 minutes ago
Friday, May 21, 2010 12:22:34 PM GMT Thursday, May 20, 2010 11:30:49 AM GMT
This is a draft of our data scenarios on Azure for your feedback. It’s a whiteboard sketch of how to secure data as a service on Azure. As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions. Our goal is to show the most common application scenarios on the Microsoft Azure platform. This is your chance to give us feedback on whether we have the right scenarios, and whether you agree ... (more)
category: Architecture | clicked: 0 | comment | | source: blogs.msdn.com
tags: Cloud, Security, Azure
5
Shouts

Troy Hunt: OWASP Top 10 for .NET developers part 1: Injection

published 1125 days, 13 hours, 18 minutes ago posted by http://troyhunt.myopenid.com/ 1126 days, 22 hours, 30 minutes ago
Friday, May 21, 2010 12:22:34 PM GMT Thursday, May 20, 2010 3:09:56 AM GMT
There’s a harsh reality web application developers need to face up to; we don’t do security very well. A report from WhiteHat Security last year reported “83% of websites have had a high, critical or urgent issue”. That is, quite simply, a staggeringly high number and it’s only once you start to delve into the depths of web security that you begin to understand just how easy it is to inadvertently produce vulnerable code. Inevitably a large part of the problem is education. Oftentimes developers are simp... (more)
category: Web Dev | clicked: 4 | comment | | source: www.troyhunt.com
tags: Security, SQL Injection, OWASP