.NET news » Security

Bullet Proof Cookies

You always read how cookies play an important role in the security of a web application. Cookies have several uses in web applications: for instance, ASP.NET itself uses cookies to identify a session, some sites use cookies to implement the "remember me" feature when you log in to their site, and other sites save user preferences in cookies. I am going to talk briefly about cookies and what makes them vulnerable to attacks, I will give some examples of how cookies can be abused, and finally I will talk about what we need to do to make our cookies bullet proof to defeat each one of the vulnerabilities.
28 Feb 2007, 15:41:00   Source: Bullet Proof Cookies   Tags: ASP.NET Security

Using Asymmetric Encryption and Digital Signatures in a SQL Server 2005 Database

In this article we start with a look at the T-SQL commands for performing asymmetric encryption and decryption. Next, we discuss using digital signatures as a means for ensuring the integrity of the encrypted data. This article concludes with an ASP.NET 2.0 website example that ties together the lessons learned throughout this article series. Specifically, the database used by this ASP.NET application stores customer information with the customer's credit card information encrypted. An ASP.NET page provides a means to view the sensitive information in plaintext as well as a means to add new customers to the database with the credit card information properly encrypted.

Get info about local digital certificates with WSE 2.0 and .NET

This article describes how to get information about digital certificates stored on your local machine. It also shows how to search for a certificate by name and retrieve the certificate hash.
27 Feb 2007, 15:00:00   Source: Get info about local digital certificates with WSE 2.0...   Tags: Security

Using Symmetric Encryption in a SQL Server 2005 Database

As the attacks that hackers use become more and more sophisticated, and the programs that they attack become increasingly complex, encryption is becoming the last line of defense in database management system (DBMS) security.

In this article we will look at how, specifically, to encrypt the data in a SQL Server 2005 database using symmetric encryption techniques. We'll start with examining the facilities for managing keys in SQL Server and then explore symmetric encryption in SQL Server 2005.

An Overview of Cryptographic Systems and Encrypting Database Data

As the attacks that hackers use become more and more sophisticated, and the programs that they attack become increasingly complex, encryption is becoming the last line of defense in database management system (DBMS) security. Since Microsoft announced their Trustworthy Computing security initiatives four years ago, the industry has been waiting to see how these initiatives would be implemented in upcoming products. With the introduction of Microsoft's newest DBMS, SQL Server 2005, it does indeed seem as though they have provided what they have promised.

What follows is a two-part article series that provides an in-depth examination of encrypting data in SQL Server 2005. In this article we will explore key challenges facing database systems and the motivations for providing robust encryption mechanisms directly within the database system. We will also look at encryption fundamentals and SQL Server 2005's encryption capabilities.

.NET Encryption Simplified

A simple, string-oriented class for symmetric encryption, asymmetric encryption, and hashing.
29 Jan 2007, 04:17:00   Source: .NET Encryption Simplified   Tags: Security

Programatically disable/enable windows firewall

This article teaches you how to disable and enable your Windows Firewall programmatically.
24 Jan 2007, 18:29:00   Source: Programatically disable/enable windows firewall   Tags: Security

Fundamentals of WCF Security

The labyrinth of security features for WCF is intricate and at times even overwhelming. At its core, however, is a basic set of security principles for authentication, authorization, and message transfer protection.
16 Jan 2007, 20:31:58   Source: Fundamentals of WCF Security   Tags: Security

.NET Application Domains

Explains the advantages of using the application domain features in .NET. Includes two Visual Studio .NET sample projects with source code.
15 Jan 2007, 11:46:05   Source: .NET Application Domains   Tags: Security

Validating ASP.NET Query Strings

Starting with version 1.1, ASP.NET preprocesses any posted data (forms and query string), looking for suspicious combinations of characters that may be exploited by XSS attackers. But this barrier is not a silver bullet and you have to take responsibility. If your pages use query string parameters, you need to ensure that they are properly validated before use. How do you do that?

In this column, I build an HTTP module that reads an XML file where you have hardcoded the expected structure of the query string. The module then validates the query string of any requested page against the given schema. And you don't need to touch the code of any page.

14 Jan 2007, 18:00:00   Source: Validating ASP.NET Query Strings   Tags: ASP.NET Security