.NET news » Security Security Rss Feed

Regular Expression Denial of Service Attacks and Defenses

Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.
2 May 2010, 19:00:00   Source: Regular Expression Denial of Service Attacks and Defenses   Tags: Security

Silverlight Security: Securing Your Silverlight Applications

Josh Twist explains the unique challenges developers face in securing Silverlight applications. He shows where to focus your efforts, concentrating on the key aspects of authentication and authorization.

How to Access and Encrypt Your Files via Windows Forms

The purpose of this article is demonstrate how to build a Windows Forms application that encrypts files through the use of the RijndaelManaged class, a symmetric algorithm, which is used to encrypt and decrypt data by using its automatically generated Key and IV. Encryption involves the creation of a cipher (an algorithm) that takes data and a generated key as its input. The algorithm will behave in accordance with the length of the key. A symmetric algorithm is one that uses the same key to both decrypt and encrypt the data file. In our case, we will use the RSACryptoServiceProvider, an asymmetric algorithm, to encrypt and decrypt the key to the data encrypted by RijndaelManaged…
23 Apr 2010, 04:32:00   Source: How to Access and Encrypt Your Files via Windows Forms   Tags: Examples Security

Using AppDomains to Build Reliable Systems

The first step to building reliable systems is to accept that it is impossible. Instead, we will attempt to build a more reliable system from a collection of smaller unreliable components. The idea is to manage failure rather than pursue an impossible perfection. Find out how.
13 Jul 2008, 13:24:00   Source: Using AppDomains to Build Reliable Systems   Tags: Security

.NET Internals and Native Compiling

An article about .NET internals and native compiling.
30 May 2008, 15:11:00   Source: .NET Internals and Native Compiling   Tags: Security

.NET Role-Based Security in a Production Environment

Edit web.config to Update the Data Provider for Shared Hosting with Role-Based Security: SQL Server, ODBC, Active Directory, ADAM, SQLite, MySQL, Access, XML
19 May 2008, 05:04:00   Source: .NET Role-Based Security in a Production Environment   Tags: ASP.NET Security

RSA Cryptographic Key Interoperability

Import and Export RSA Keys in PKCS#8 and X.509 Format using Crypto++, C#, and Java
23 Apr 2008, 01:57:00   Source: RSA Cryptographic Key Interoperability   Tags: Security

Building Personalized Applications on the Windows Live ID Platform

Do you have a cool personalized application that you want to offer to over 400 million users? Do you want to light it up with Live controls or create a mashup with Live resources?Windows Live ID now offers a simple way for third parties to get Live ID authentication in your Web or rich client applications, letting you reach millions of Live ID users, integrate with Live Controls, and access Live services.

Never Write an Insecure ASP.NET Application Ever Again

Learn to take advantage of the inner workings of ASP.NET's security model to help eliminate security vulnerabilities from your web applications.
10 Mar 2008, 20:14:26   Source: Never Write an Insecure ASP.NET Application Ever Again   Tags: ASP.NET Security

Never Write an Insecure ASP.NET Application Ever Again

One of the most important security principles for software development is least privilege. Simply put, least privilege means that an application, process, or user should have the least access to resources required to accomplish a task and no more. By following this principle, even if your application is attacked or a user goes on the payroll of your nastiest competitor, you'll have limited the potential damage. Bottom line: implementing partial trust in ASP.NET is the single biggest thing you can do to make your applications secure.
27 Dec 2007, 18:00:00   Source: Never Write an Insecure ASP.NET Application Ever Again   Tags: ASP.NET Security