Latest Security stories

Official BlogEngine.NET Security Patch (dotnetblogengine.net)

submitted by rimsystems (6119) 4 years, 1 month ago

Over the weekend, we were alerted to a security flaw in BlogEngine.NET 1.3.0.0. We have created a new release 1.3.1.0 which corrects this issue and are making a patch available here for users running 1.3.0.0. For those people running the development version of BlogEngine.NET (from the source tab on CodePlex), please note that the latest release 1.3.0.29 has the security fix as well.

4 comments | Views: 4

Massive BlogEngine.Net Security Hole - Fix Provided (dannydouglass.com)

submitted by TroyMG (2670) 4 years, 1 month ago

A massive security hole in BlogEngine.net was just revealed that allows anyone to see your passwords... Danny Douglass explains the issue and provides a patched BlogEngine.Core assembly to resolve the issue until the next release of BlogEngine is available.

4 comments | Views: 63

A .NET Cryptography Primer, part 1 (statestreetgang.net)

submitted by yesthatmcgurk (4063) 4 years, 1 month ago

First in a series of blog posts geared towards .NET developers with not much experience in cryptography, concentrating more on code than on theory. The first installment covers managed/unmanaged and encodings.

9 comments | Views: 15

ASP.NET Security : 2- More Basics (amrelsehemy.net)

submitted by AmrElsehemy (2585) 4 years, 2 months ago

Basic information on how the IIS worker process takes an identity to run within, IIS 5 and 6 process models.

Views: 9

ASP.NET Security : 1- Basics (amrelsehemy.net)

submitted by AmrElsehemy (2585) 4 years, 2 months ago

How the identity of the thread executing a website in IIS is determined.

Views: 3

Lock Down SQL Server 2005 (duartes.org)

submitted by gustavod (775) 4 years, 3 months ago

This article teaches you how to lock down a SQL Server 2005 installation. A step-by-step procedure is given along with the concepts behind it. It includes a world-accessible SQL2005 shell to let you experiment with a hardened database. Two SQL scripts are provided to automate hardening.

3 comments | Views: 95

OpenID implementation in C# and ASP.NET (blog.madskristensen.dk)

submitted by dscoduc (1099) 4 years, 4 months ago

Interested in adding OpenID to your .NET website?

3 comments | Views: 378

New code protection and licensing solution from Microsoft (vitalygorn.com)

submitted by vitaly (740) 4 years, 6 months ago

Microsoft recently shipped several products that form a new software family called SLP Services. It aims to help software vendors tighten the security of their code and ease development of licensing infrastructure (effectively allowing them to skip that step). The new solution is based on several new concepts: “SKU Agility”, “Code Transformation”, SVM (Secure Virtual Machine) and SVML (Secure Virtual Machine Language).

Views: 4

BCrypt.net - Strong Password Hashing for .NET and Mono (derekslager.com)

submitted by derekslager (420) 4 years, 7 months ago

A managed implementation of BCrypt, OpenBSD's Blowfish-based adaptive password hashing scheme.

Views: 218

You're Probably Storing Passwords Incorrectly (codinghorror.com)

submitted by sirrocco (800) 4 years, 8 months ago

The web is nothing if not a maze of user accounts and logins. Almost everywhere you go on the web requires yet another new set of credentials. Unified login seems to elude us at the moment, so the status quo is ...

Views: 8

Rainbow Hash Cracking (codinghorror.com)

submitted by gavinjoyce (25.7k) 4 years, 8 months ago

The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password "Fgpyyih804423" in 160 seconds. Most people would consider that password fairly secure....

Views: 8

The most common software security mistakes (barmagy.com)

submitted by Fady (275) 4 years, 8 months ago

Through my humble experience with software development I’ve seen developers making fatal security mistakes without even feeling that they are doing something wrong. So I’ve decided to gather these common mistakes in a list so they would be easier to avoid. Throughout this article I will give examples regardless of the technology used, but the concepts apply to all technologies. So here we go

2 comments | Views: 11

Don’t rely on obfuscation (barmagy.com)

submitted by Fady (275) 4 years, 9 months ago

A white paper demonstrating the weaknesses of known managed code obfuscation protection techniques.

Views: 9

Don't be a loser, log on as a regular user (codinghorror.com)

submitted by yesthatmcgurk (4063) 4 years, 11 months ago

Great post at CodingHorror about the horrors that can befall you as an Administrator. All children, older people, and everybody who isn't paid to be an administrator should be members of the Users group. Why aren't you?

Views: 2

Does Web Software Need a 'Check Engine' Light? (stevenharman.net)

submitted by ussherm (5285) 5 years ago

All software has bugs, and web applications are no exception. Is it time to add auto-update or at least a warning light to web applications so users will keep them updated?

1 comment | Views: 1

Implementing SmartCard Authentication with ASP.NET (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 5 years, 1 month ago

This is my 9-page follow-up article on how to implement non-Active Directory Integrated Smart Card Authentication with ASP.NET using Http Modules.

Views: 412