Browse by Tags
-
I was fortunate to be able to tag team a talk at TechEd New Orleans with Aaron Skonnard this week, and I wanted to post my bits from the demos we did. There were three parts to my demo. The first part was where Aaron added in an attribute on his Presentation...
-
Even as Web Single Sign On is gaining more and more traction, there’s still churn. I would much prefer to isolate my application developers from the details of whatever library I happen to be using today to get details about my user. ASP.NET developers...
-
Get them here. Thanks to all who joined me - I had a great time in London! Be certain to redeem your Pluralsight On-Demand trial subscriptions, guys!
-
For those who were in my talk today, I mentioned that the SQL injection and XSS demos are actually labs that you can find on the Internet. Here are links to them. I built these for Patterns & Practices a few years ago. http://channel9.msdn.com/Wiki...
-
Thanks to Julie and David for inviting me to speak this past weekend in Denver. I hope I opened some eyes to the direction the industry is headed with identity and single sign on! You can find my slides here. For those who attended, don't forget...
-
Thanks to those of you who attended my talks last week in London. The ASP.NET Attack and Defence talk covered SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). The first two have downloadable demos and labs as part of...
-
I've been thinking a lot lately about password management. I'm not talking about how a user manages the myriad of passwords she's stuck with, but rather how a system (e.g., a website) should go about accepting, storing, and protecting the...
-
From Coding Horror, originally from CWE/SANS, this is a list that every developer should review from time to time. If you work on software in any capacity, at least skim this list. I encourage you to click through for greater detail on anything you're...
-
I recently published Self-Cert, a tool that makes it really easy to generate self-signed certificates using the CryptoAPI. What's nice about it is that it has a .NET class library underneath it that makes it easy to do this programmatically from...
-
Mike Woodring sent me an email today. He was concerned that a website that he frequents wasn't doing such a good job storing passwords. He pointed out that by clicking a button, you could get your password emailed back to you. After talking with someone...
-
IIS is currently rejecting self-signed certs made with the Self-Cert tool. Actually, you can install the cert into IIS, but when a client connects, IIS will refuse to set up the SSL tunnel. So far I believe the problem is that my certs aren't getting...
-
It's a bit of a pain to create self-signed certs using MAKECERT. So here's a GUI-based tool that uses a combination of the .NET Framework and the CryptoAPI to create self-signed X.509 certificates. And it's factored so that you can use the...
-
Today I spent some time exploring WLID's new SDK that allows you to support WLID authentication in a website of your own. I got it working pretty quickly in a test website, and it works quite nicely. So now I'm a bit curious. There's a section...
-
Over the last couple of years, I've worked on websites that support both HTTP and HTTPS, and it's always tricky to find a balance between security and usability. Dominick wrote an excellent article about this a while back, suggesting that allowing...
-
For those who didn't attend PDC, the Zermatt identity framework has been re-code-named Geneva Framework so that it fits in with the Geneva family of products: Geneva Framework: a .NET class library called Microsoft.IdentityModel (basically it's...