jmbledsoe

Stories kicked by jmbledsoe

Vulnerability in .NET AES puts ASP.NET Web Sites at Risk (securitythroughabsurdity.com)

submitted by j.monty (1868) 1 year, 8 months ago

ASP.NET web applications that leverage Forms Authentication, ASP.NET Membership Providers, ASP.NET Role Providers, and/or ViewState encryption are vulnerable to data exposure and potentially tampering. This vulnerability can lead to the .NET MachineKey being discovered by attackers. This post briefly details the issue and provides a simple temporary mitigation technique.

2 comments | Views: 370

Smart Card Authentication Module Update - added Support for Membership (securitythroughabsurdity.com)

submitted by j.monty (1868) 2 years ago

This is a follow-on update on how to implement non-Active Directory Integrated Smart Card / Client Certificate Authentication with ASP.NET using Http Modules. This long overdue version adds support for ASP.NET Membership, Roles, and Profiles.

Views: 193

Session Attacks and ASP.NET - Part 2 (blogs.sans.org)

submitted by j.monty (1868) 2 years, 11 months ago

In Session Attacks and ASP.NET - Part 1, I introduced one type of attack against the session called Session Fixation as well as ASP.NET's session architecture and authentication architecture. In this second post, I'll delve into a couple specific attack scenarios, cover risk reduction, and countermeasures specific to ASP.NET for protecting against session attacks in ASP.NET.

Views: 324

Session Attacks and ASP.NET - Part 1 (blogs.sans.org)

submitted by j.monty (1868) 2 years, 11 months ago

I’ve spent some time recently looking for updated information regarding session attacks as they apply to ASP.NET and am still not completely satisfied with how Microsoft has decided to implement session management in ASP.NET 2.0+. Part 1 explores ASP.NET session management, authentication, and session attacks against ASP.NET with a comparison of how ASP.NET stacks up against mitigation techniques against these attacks.

Views: 396

Security Vulnerability of the Week #1: SQL Injection (securitythroughabsurdity.com)

submitted by j.monty (1868) 3 years, 2 months ago

This article begins a semi-regular series that will explore the most common vulnerabilities and the mind-set of the developers that create them and also explore how to deal with them. The first post in the series takes a look at the OWASP top number 2 vulnerability, Injection (specifically SQL Injection) - which has been a known and solved problem for over 10+ years, yet for some reason, it's still as common as ever.

1 comment | Views: 276

Pocket DnDns Release (securitythroughabsurdity.com)

submitted by j.monty (1868) 3 years, 5 months ago

DnDns, a .NET DNS resolver library completely implemented in managed code ported to the Compact Framework. Pocket DnDns also comes with a basic GUI application that allows a variety of DNS Lookups of various record types from your Compact Framework supported portable devices. Source Code is also available under the New BSD License.

Views: 4

Asp.Net AJAX Client Side Templated Data Bound Control (gabe19.blogspot.com)

submitted by jeffesp (25) 3 years, 9 months ago

A server control that allows you to specify header, item, and footer templates for a basic data list that will be bound on the client based on either a given web service method, or on a data-source provided client side. The templates are rendered server-side before being passed to the client behavior which allows you to use other server-side controls in the development of the templates.

Views: 22

DnDns - A .NET DNS Client Library (Resolver) (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 4 years, 3 months ago

A DNS protocol library written completely in managed code. Supports common DNS record types like A, CNAME, MX, SRV, and more.

2 comments | Views: 284

Exploring the secrets of intermediate materialization (sqlblog.com)

submitted by jmbledsoe (460) 4 years, 3 months ago

Looks like a good trick for tuning certain SQL queries.

Views: 13

.NET Framework Library Source Code now available (weblogs.asp.net)

submitted by dalziel (6230) 4 years, 4 months ago

Scott Guthrie announces that the .NET framework source code can now be accessed in Visual Studio.

1 comment | Views: 90

K2 Underground Launches! (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 4 years, 11 months ago

SourceCode Technology Holdings has launched an upgrade to their community site called 'K2 Underground' as the next version of their K2.net product codenamed K2 [blackpearl] nears completion.

Views: 1

TableAdapterManager in ADO.NET Orcas (blogs.atgi.com)

submitted by jmbledsoe (460) 5 years ago

A description of the new TableAdapterManager for DataSets in Visual Studio Orcas, as well as a data-access framework that enables similar function now.

Views: 60

ADO.NET Entity Framework cut from .NET 3.5/Orcas (weblogs.asp.net)

submitted by tomasr (480) 5 years ago

As Frans Bouma reports, it appears that the ADO.NET EF is being cut from orcas and moved to 2008 as an orcas update...

Views: 5

Implementing SmartCard Authentication with ASP.NET (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 5 years, 1 month ago

This is my 9 page follow-up article on how to implement non-Active Directory Integrated Smart Card Authentication with ASP.NET using Http Modules.

Views: 412

Overview of WCF/SOA (gabe19.blogspot.com)

submitted by jmbledsoe (460) 5 years, 1 month ago

An introduction to and overview of SOA, the WS-* specifications, and how WCF makes them accessible to .NET developers. Material is rooted in Juval Lowy's presentations at SD West 2007.

Views: 2796

Teamprise now free to Codeplex users (woodwardweb.com)

submitted by yesthatmcgurk (4063) 5 years, 2 months ago

Teamprise, a TFS client package for OSS users (Eclipse and other IDEs on Mac/Linux/&c) is now free for users who host their projects on Codeplex.

Views: 1