Monthly Archives: March 2006

Security DevDays 2006

Im Rahmen der DevDays werde ich im Mai zusammen mit Sebatian Weber Vorträge über den Praxis-Einsatz der Security Features von .NET 2.0 halten. Mein Fokus wird dabei auf der Integration in die Windows Security Infrastruktur, sichere Netzwerk Authentifizierung und Kommunikation sowie das Schützen … Continue reading

Posted in Uncategorized | Leave a comment

Angreifen von Windows- und Web-Anwendungen

Dinis ist ein alter Hase im Application Security Bereich – sehr unterhaltsames Video über Sicherheits-Schwächen in Anwendungen. Interessant wie .NET Security von einem der Hardliner der Szene gesehen wird. Sehr empfehlenswert. http://www.roadtowinfx.com/ddd/2005-10-22_DeveloperDay_session06.wmv  

Posted in Uncategorized | Leave a comment

Viewing SecurityExceptions

This problem yesterday lead Shawn to write this entry today – which I was just waiting for to appear online…. Whenever you get a SecurityException while running in partial trust (e.g. ASP.NET medium trust), you most probably won’t have the … Continue reading

Posted in Uncategorized | Leave a comment

Using Client Certificates in ASP.NET

If you use SSL with client certificates, there are a number of interesting things you can do with the certificates in your ASP.NET application, e.g. do authentication/authorization based on certificate properties extract the UPN (if it is a Windows enterprise … Continue reading

Posted in Uncategorized | Leave a comment

Another Reason why I would not recommend Cassini

I found an interesting bug yesterday (you run across all kinds of funny stuff if you set the ASP.NET trust level to ‘Medium’ machine-wide, but you notice problems very early – compare to running as non-Admin). In a partially trusted ASP.NET application … Continue reading

Posted in Uncategorized | Leave a comment

Attacking Windows and Web Applications

Recording of a talk Dinis did at the DDD event. Check it out! http://www.roadtowinfx.com/ddd/2005-10-22_DeveloperDay_session06.wmv  

Posted in Uncategorized | Leave a comment

Identity Management

Zwei unterhaltsame aber auch informative Vorträge zum Thema Identity Management und Identity 2.0 Einleitung:http://identity20.com/media/OSCON2005/ Mehr Infos:http://identity20.com/media/ETECH_2006/  

Posted in Uncategorized | Leave a comment