Upcoming Security stories

Why software isn't secure(www.threenine.co.uk)

submitted by threenine39 (329) 4 months, 20 days ago

High-level view of what happens on software projects that leads to software insecurity. read more...


tags: another

Security in Software(www.dotnetblocks.com)

submitted by DotNetBlocks (393) 8 months, 27 days ago

The term security has many meanings based on the context and perspective in which it is used. Security from the perspective of software/system development is the continuous process of maintaining confidentiality, integrity, and availability of a system, sub-system, and system data. This definition at a very high level can be restated as the following: Computer security is a continuous process dealing with confidentiality, integrity, and availability on multiple layers of a system. read more...


tags: another

The padlock icon must die(www.troyhunt.com)

submitted by troyhunt (831) 10 months, 7 days ago

What do you think of when you see the padlock icon on a webpage? You're probably thinking something along the lines of "it means the page is secure". The more tech savvy among you may suggest that it means HTTPS has been used to encrypt the content in transit. The problem is that it doesn't mean anything of the kind. In fact it had absolutely nothing to do with website security. And therein lies the problem – the padlock lies to us, it implies things that it is not and it's downright misleading. read more...


tags: another

Secure user authentication with one way password hash(galratner.com)

submitted by galratner (334) 10 months, 20 days ago

Keeping users' passwords in your database is a part of almost every application, yet securing passwords is rarely done correctly. I recently read an article by Coda Hale about the ineffectiveness of password salts. Coda suggested using bcrypt to store passwords. He reasoned his argument by explaining bcrypt is extremely slow to compute, therefore making it slow to hack. I completely agree, however, I wanted to add another way of safely storing passwords in a more conventional way by hiding the salt in the hash. The idea wasn't mine. It belongs to a DBA named Scott Hulberg. It's pretty simple and for the sake of this blog post I am not going to implement it completely. I am going to prepend the salt to the password hash, making it invisible to a hacker. You can go further by writing an algorithm to plant the salt in the hash array as you see fit. Since the only way to match a one-way hashed password is to use the salt we used to generate this hash, if a hacker cannot get to the salt, they cannot retrieve the original password. Let's begin by composing the method to create our hash and prefix it with the salt: read more...


tags: another

Getting up and started with the Windows Phone Developer Tools 7.1 Beta(michaelcrump.net)

submitted by mbcrump (1034) 10 months, 26 days ago

Windows Phone Developer Tools 7.1 Beta 2 was released on 6/29/2011. Are you ready for it? If not then let my guide help you get your system prepared and go through a few new features.

Download links:
- Web Installer of Windows Phone 7.1 Beta 2 SDK
- ISO Image of Windows Phone 7.1 Beta 2 SDK (723 MB)

To get started you are going to need to remove the previous version of your Windows Phone Developer Tools 7.1 Beta 1. read more...


tags: another

Windows Phone 7 vs Windows Phone Mango: Getting Device Information(www.windowsphonegeek.com)

submitted by winphonegeek (2187) 11 months, 3 days ago

Windows Phone 7 vs Windows Phone 7.1 Mango: Getting Device Information read more...


tags: another

RSA private key import from PEM format in C#(khason.net)

submitted by tamir (580) 11 months, 12 days ago

Source code and explanations about how to use asymmetric encryption for a mutually authenticated SSL protocol by importing and using RSA OpenSSL private keys and client certificates in a C#.NET application. read more...


tags: another

A brief Sony password analysis(www.troyhunt.com)

submitted by troyhunt (831) 11 months, 20 days ago

So the Sony saga continues. As if the whole thing about 77 million breached PlayStation Network accounts wasn't bad enough, numerous other security breaches in other Sony services have followed in the ensuing weeks, most recently with SonyPictures.com where a significant portion of the database was publicly disclosed a few days back. With all this customer data now unfortunately out there for public viewing, I thought it would be interesting to do some analysis on password practices. There are some rather alarming (although not entirely surprising) findings including:
- 36% of passwords appear in a common password dictionary.
- 50% of passwords are 7 characters or less.
- 67% of accounts on both Sony and Gawker use the same password.
- 82% of passwords are lowercase alphanumeric of 9 characters or less.
- 99% of passwords don't contain a single non-alphanumeric character.
read more...


tags: another

Bad passwords are not fun and good entropy is always important(www.troyhunt.com)

submitted by troyhunt (831) 1 year, 1 month ago

A couple of different friends sent me over a link to an article about the usability of passwords this weekend, clearly thinking it would strike a chord. Well, let’s just say I was enthralled before I even finished the second line: "Security companies and IT people constantly tells us that we should use complex and difficult passwords. This is bad advice" The crux of the article is that so long as a password is sufficiently long – the example used is “this is fun” – you’re pretty damn secure (apparently 11 characters is just right). Actually, the term used was "secure forever". Wow, two pretty absolute terms. So let’s take a look at these and apply a bit of objective analysis to see if they hold water. Does a brute force attack really only run at 100 attempts per second? Is "this is fun" really 10 times more secure than "J4fS<2"? Do rainbow tables really work by an attacker copying and pasting a hash into a website? Are bad password management practices on the server really not your problem? read more...


tags: another

SQL Injection vs. Lethal Injection / Protection Against SQL Injection(www.tugberkugurlu.com)

submitted by tugberk (104) 1 year, 2 months ago

SQL Injection and Lethal Injection... They are both dangerous and they can easily be fatal. But how? What is SQL Injection and how can it affect my project? The answers are in this blog post. read more...


tags: another

Windows Impersonation for .Net Made Easy(www.azchatfield.net)

submitted by azmchat (10) 1 year, 5 months ago

Created a class that makes Windows Identity Impersonation easier. read more...


tags: another

.NET Encryption - Part 1(geeklyeverafter.blogspot.com)

submitted by brunomarques (284) 1 year, 6 months ago

First article of a series covering .NET Encryption. This first article offers a brief overview of concepts like symmetric encryption, asymmetric encryption and hashing. read more...


tags: another

Securing a Web Site(www.infosecwriters.com)

submitted by schalkvanwyk (1335) 1 year, 8 months ago

A guide to securing a web site by Erik Evans. read more...


tags: another

Code Access Security Cheat Sheet(geeklyeverafter.blogspot.com)

submitted by brunomarques (284) 1 year, 8 months ago

A free and simple cheat sheet about .NET Code Access Security, more specifically about the declarative and imperative way of dealing with permissions. read more...


tags: another

X.509 Certificates in .NET(www.codeproject.com)

submitted by schalkvanwyk (1335) 1 year, 8 months ago

This tutorial explains all about X.509 certificates and their current formats, and shows how they can be used in a .NET environment. read more...


tags: another

Using Makecert to Create Certificates for Development(www.digitallycreated.net)

submitted by schalkvanwyk (1335) 1 year, 8 months ago

When I first needed to use certificates to secure my WCF service, I didn't really understand how certificates worked, how to create them, and where they go. A lot of the tutorials on the web just give you a raw makecert command that you black-box and trust works to create your certificate. But do you really know what it's doing? read more...


tags: another