Monthly Archives: March 2006

Security DevDays 2006

Im Rahmen der DevDays werde ich im Mai zusammen mit Sebatian Weber Vorträge über den Praxis-Einsatz der Security Features von .NET 2.0 halten. Mein Fokus wird dabei auf der Integration in die Windows Security Infrastruktur, sichere Netzwerk Authentifizierung und Kommunikation sowie das Schützen … Continue reading

Posted in Uncategorized | Leave a comment

Angreifen von Windows- und Web-Anwendungen

Dinis ist ein alter Hase im Application Security Bereich – sehr unterhaltsames Video über Sicherheits-Schwächen in Anwendungen. Interessant wie .NET Security von einem der Hardliner der Szene gesehen wird. Sehr empfehlenswert. http://www.roadtowinfx.com/ddd/2005-10-22_DeveloperDay_session06.wmv  

Posted in Uncategorized | Leave a comment

Viewing SecurityExceptions

This problem yesterday lead Shawn to write this entry today – which I was just waiting for to appear online…. Whenever you get a SecurityException while running in partial trust (e.g. ASP.NET medium trust), you most probably won’t have the … Continue reading

Posted in Uncategorized | Leave a comment

Using Client Certificates in ASP.NET

If you use SSL with client certificates, there are a number of interesting things you can do with the certificates in your ASP.NET application, e.g. do authentication/authorization based on certificate properties extract the UPN (if it is a Windows enterprise … Continue reading

Posted in Uncategorized | Leave a comment

Another Reason why I would not recommend Cassini

I found an interesting bug yesterday (you run across all kinds of funny stuff if you set the ASP.NET trust level to ‘Medium’ machine-wide, but you notice problems very early – compare to running as non-Admin). In a partially trusted ASP.NET application … Continue reading

Posted in Uncategorized | Leave a comment

Attacking Windows and Web Applications

Recording of a talk Dinis did at the DDD event. Check it out! http://www.roadtowinfx.com/ddd/2005-10-22_DeveloperDay_session06.wmv  

Posted in Uncategorized | Leave a comment

Identity Management

Zwei unterhaltsame aber auch informative Vorträge zum Thema Identity Management und Identity 2.0 Einleitung:http://identity20.com/media/OSCON2005/ Mehr Infos:http://identity20.com/media/ETECH_2006/  

Posted in Uncategorized | Leave a comment

Dick did it again

Another Identity 2.0 talk - maybe not as perfectly timed as the 1st one – but interesting information. http://identity20.com/media/ETECH_2006/

Posted in Uncategorized | Leave a comment

Sichere Kommunikation mit .NET 2.0

Teil 3 meiner MSDN Reihe über die Security APIs von .NET 2.0 ist online – diesmal geht es um Netzwerk-Authentifizierung und sichere Kommunikation mit NegotiateStream, Remoting und WebServices. Dazu finden Sie hier auch noch ein paar Samples: http://www.leastprivilege.com/NegotiateStreamSample.aspxhttp://www.leastprivilege.com/SecureRemoting.aspxhttp://www.leastprivilege.com/NegotiateStreamAndNTLM.aspx  

Posted in Uncategorized | Leave a comment

MS06-12 and working as Administrator

Quoting: “On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or … Continue reading

Posted in Uncategorized | Leave a comment