.NET news » Security Security Rss Feed

.NET Security and Cryptography (Integrated .NET Series from Object Innovations)
Authors: Peter Thorsteinson, G. Gnana Arun Ganesh
Average rating: 4.5 / 3
(3 reviews)
More .NET Security books
download
An Overview of Cryptographic Systems and Encrypting Database Data

As the attacks in which hackers use become more and more sophisticated, and the programs in which they attack become increasingly complex, encryption is becoming the last line of defense in database management system (DBMS) security. Since Microsoft announced their Trustworthy Computing security initiatives four years ago, the industry has been waiting to see how these initiatives would be implemented in upcoming products. With the introduction of Microsoft's newest DBMS, SQL Server 2005, it does indeed seem as though they have provided what they have promised.

What follows is a two-part article series that provides an in-depth examination of encrypting data in SQL Server 2005. In this article we will exploring key challenges facing database systems and the motivations for providing robust encryption mechanisms directly within the database system. We will also look at encryption fundamentals and SQL Server 2005's encryption capabilities.

.NET Encryption Simplified
A simple, string-oriented class for symmetric encryption, asymmetric encryption, and hashing.
29 Jan 2007, 04:17:00   Source: .NET Encryption Simplified   Tags: Security
Programatically disable/enable windows firewall
This article teaches you how to disable and enable your windows firewall programatically
24 Jan 2007, 18:29:00   Source: Programatically disable/enable windows firewall   Tags: Security
Fundamentals of WCF Security
The labyrinth of security features for WCF is intricate and at times even overwhelming. At its core, however, are a basic set of security principals for authentication, authorization, and message transfer protection.
16 Jan 2007, 20:31:58   Source: Fundamentals of WCF Security   Tags: Security
.NET Application Domains
Explains advantages of using application domains features in .NET. Include two Visual Studio .NET sample projects with source code.
15 Jan 2007, 11:46:05   Source: .NET Application Domains   Tags: Security
Support Certificates In Your Applications With The .NET Framework 2.0
Certificates are used in many places across the Microsoft .NET Framework, from secure communication to code signing to security policies. The .NET Framework 2.0 introduced revamped support for certificates and it added a completely new namespace for standards-compliant cryptographic operations with certificates. In this article, I will discuss the background for certificates and the Windows Certificate Store. I'll also show you how to work with the certificate APIs and how they are used by the Framework to implement security features.
14 Jan 2007, 18:00:00   Source: Support Certificates In Your Applications With The .NET...   Tags: Security
Validating ASP.NET Query Strings

Starting with version 1.1, ASP.NET preprocesses any posted data (forms and query string), looking for suspicious combinations of characters that may be exploited by XSS attackers. But this barrier is not a silver bullet and you have to take responsibility. If your pages use query string parameters, you need to ensure that they are properly validated before use. How do you do that?

In this column, I build an HTTP module that reads an XML file where you have hardcoded the expected structure of the query string. The module then validates the query string of any requested page against the given schema. And you don't need to touch the code of any page.

14 Jan 2007, 18:00:00   Source: Validating ASP.NET Query Strings   Tags: ASP.NET Security
Securing Text Data in .NET
Discussion of securing text in an application. The example project contains a SecureString wrapper to make working with SecureString easier, and a textbox that directly manipulates a SecureString.
7 Dec 2006, 23:54:00   Source: Securing Text Data in .NET   Tags: Security VB.NET
Tips on Using Protocol Transition
Now that Windows Server 2003 is widely deployed, Keith Brown addresses questions from readers who are trying to use protocol transition to build secure gateways into their intranets.
21 Nov 2006, 18:00:00   Source: Tips on Using Protocol Transition   Tags: Security
Microsoft Anti-Cross Site Scripting Library V1.5
Cross-site scripting attacks are platform and browser independent, and can allow malicious users to perform malicious actions such as gaining unauthorized access to client data like cookies or hijacking sessions entirely. Simple steps that developers can take to prevent XSS attacks in their ASP.NET applications include doing the following: 1. Validating and constraining input 2. Encoding output For defense in depth, developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from most encoding libraries in that it uses the "principle of inclusions" technique to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The principle of inclusions approach provides a high degree of protection against XSS attacks and is suitable for Web applications with high security requirements.
20 Nov 2006, 18:04:46   Source: Microsoft Anti-Cross Site Scripting Library V1.5   Tags: ASP.NET Security