Categories: ASP.NET, ASP.NET 2.0, German, Security.NET Posted by AlexanderZeitler on 7/16/2006 2:35 PM | Comments (0)

Rocky Heckman, a Security MVP, shows in the screen recording "Assembly Hijacking" just what can be done to an ASP.NET website by way of SQL injection (and, for once, in the most negative sense possible).

Considering that Chris presented suitable countermeasures with .NET more than 5 years ago, it is astonishing (more precisely: alarming) how often one still runs into SQL injection day after day.

Categories: ASP.NET, ASP.NET 2.0, German, Security.NET, Threat Modeling Posted by AlexanderZeitler on 7/15/2006 10:40 PM | Comments (0)

Channel9 offers the "Input Validation Training Modules", in which the following (ASP.NET 2.0) security topics are covered in screen recordings (each about 5-10 minutes long):

For each topic, the corresponding source code is available for download, along with links to existing Microsoft guidance on that topic.

Categories: Enterprise Library 2.0, ASP.NET 2.0, Books.NET, German, Security.NET Posted by AlexanderZeitler on 7/2/2006 9:52 AM | Comments (0)

As of yesterday, a patch (2554) for Enterprise Library 2.0 is available that makes it possible to run applications built on Enterprise Library 2.0 in partial trust.

The patch is available on the newly set up page for Enterprise Library patches (1.x + 2.0).

Anyone who wants to dig deeper into partial trust and Code Access Security (CAS) (which really everyone should do ;-)) is advised to read the book "Professional ASP.NET 2.0 Security, Membership, and Role Management" by Stefan Schackow. This book not only provides important information on ASP.NET 2.0 security, but also broadens your understanding of ASP.NET 2.0 in general, which can help enormously with troubleshooting, for example.

Categories: .NET Framework 2.0, Framework.NET, German, Patterns/Practices, Security.NET Posted by AlexanderZeitler on 4/25/2006 5:53 AM | Comments (0)

Under the title "The Developer Highway Code", Microsoft UK has made available a PDF for developers that covers the following topics:

  • Integrating Security into the Lifecycle
  • Security Objectives
  • Web Application Security Design
  • Threat Modelling
  • Security Architecture and Design
  • Security Code Review
  • Security Deployment Review

Both .NET 1.1 and 2.0 are taken into account.

Categories: .NET Framework 2.0, German, Security.NET Posted by AlexanderZeitler on 3/31/2006 5:42 AM | Comments (0)

Arno Nel has compiled an extremely comprehensive list of available articles on ASP.NET 2.0 security, role management and membership, as well as providers.

If you can't find anything here, you only have yourself to blame ;-)

Categories: ASP.NET 2.0, Security.NET Posted by AlexanderZeitler on 1/10/2006 7:11 AM | Comments (0)

In a two-part (1, 2) article series on MSDN, Peter Kellner shows how to build an ASP.NET 2.0 Membership Editor for admin purposes.

Categories: Patterns/Practices, Security.NET Posted by AlexanderZeitler on 10/26/2005 6:57 PM | Comments (0)

The patterns & practices team has launched the Security Guidance Blog for .NET Framework 2.0.

Categories: Patterns/Practices, Security.NET Posted by AlexanderZeitler on 10/24/2005 5:15 PM | Comments (0)

"This download describes the patterns & practices Security Engineering approach that can be used to integrate security into your application development life cycle. The Security Engineering approach contains activities for identifying security objectives, applying secure design guidelines, creating threat models, conducting security architecture and design reviews, performing security code reviews, security testing, and conducting security deployment reviews."

Download the patterns & practices Security Engineering Explained PDF file.

Categories: ASP.NET 2.0, Patterns/Practices, Security.NET Posted by AlexanderZeitler on 10/2/2005 8:08 PM | Comments (0)

The whole world seems to work with ASP.NET 2.0 already. But do they care about ASP.NET 2.0 security?

If you want to care about ASP.NET 2.0 security, you should read the patterns & practices ASP.NET 2.0 Security Guidance Microsoft released nearly one month ago.

Categories: .NET Framework 2.0, Patterns/Practices, Security.NET Posted by AlexanderZeitler on 8/29/2005 10:47 PM | Comments (0)

This page explains the rationale behind the patterns & practices Security Guidance for .NET Framework 2.0 project and provides an index into the guidance. You can use the guidance referenced on this page to improve both the security of your applications and your approach to building secure applications.
