Monthly Archives: March 2005

CompuWare Security Checker/Fault Simulator Roadshow

From April to June I will do a roadshow together with Compuware’s Kurt Aigner focusing on application security/quality assurance in the development cycle. We will kick off with a more general talk about secure development best-practices and threat modelling and after that … Continue reading

Posted in Uncategorized | Leave a comment

The Subtleties of Impersonation

Two new posts on the excellent blog of Shawn Farkas talk about how to securely impersonate, and that a simple try/finally will not do it. Extremely recommended. UPDATE: Shawn shows a more elegant solution (besides that he uses VB.NET :) leveraging anonymous … Continue reading


The Future of AzMan?

I wrote a lot about Authorization Manager in the past, and I really believe that this piece of technology is extremely useful to virtualize your authorization decisions in complex applications. Every time I demo AzMan to customers or students, they really like the … Continue reading


Partial Trust ASP.NET on MSDN TV

to get an overview  


CAS?

Are you using Code Access Security? Keith Brown asks this question on his blog – comment on his entry and your experiences may be incorporated in future articles on the MSDN security / smart client developer area. Be sure to … Continue reading


Pierre Nallet

Fellow DMer Pierre has a blog now. Subscribed.


Security Advisory: Log File Path Predictability in dasBlog Community Edition

dasBlog stores log files in known subdirectories of the blog site, e.g. http://www.site.com/logs/2005-01-20.events.log or http://www.site.com/logs/2005-01-20.events.zip. With a default installation (as provided by the installation instructions) these files can be downloaded anonymously and can leak information about your site. Workaround: remove read ACLs … Continue reading
