Monthly Archives: October 2007

Finally! Usernames over Transport Authentication in WCF

Sometimes you have to wonder why the most basic features are missing in a v1 product… Imagine this scenario: You have a public facing web service. You want the widest possible reach and compatibility – so the perfect technologies for … Continue reading

Posted in WCF | 2 Comments

Does Microsoft regret the Security Push?

Well – at least parts of it – but this did get your attention, right? Not sure what to think about that. Remember the ILoveYou virus? It replicated itself to file shares to spread across intranets. I think the argument … Continue reading

Posted in Uncategorized | Leave a comment

Try XSSDetect

Exciting things are happening over at the ACE team at Microsoft. One is XSSDetect - a Visual Studio plugin that analyzes your code to find potential XSS vulnerabilities. Mark also gives a sneak preview of other upcoming tools. Interesting!  

Posted in Uncategorized | Leave a comment

ValidateRequest does not mitigate XSS completely

I often mentioned that to customers and students. Here is the “official” word.  

Posted in ASP.NET | Leave a comment

.net@movies Episode 1 – Web Security

Am 17.Dezember findet die erste Veranstaltung der brandneuen .net@movies Serie des ProDev Colleges statt. Bei diesem ersten Event geht es um ein Thema, das mir schon lange sehr am Herzen liegt: Web Security. Mein geschätzer Kollege Christian Wenz und ich … Continue reading

Posted in Uncategorized | Leave a comment

Sichere Software mit Microsoft .NET entwickeln

…ist der Titel eines neuen Buches vom Entwickler.Press Verlag. Darin könnt Ihr eine Artikelsammlung von Autoren wie Michael Howard, Steve Lippner, Christian Wenz, Darius Parys und mir finden. Behandelt werden Themen wie Windows, ASP.NET, .NET und WCF Security. Das ganze … Continue reading

Posted in Uncategorized | Leave a comment

TechEd:Developer 2007 Security Track

TechEd:Developer in Barcelona this year will be the first TechEd ever that has a “physical” security track. That’s great. There are great speakers and interesting sessions on this track, e.g. Michael Howard (SDL, Threat Modeling), Keith Brown (identity, claims and … Continue reading

Posted in Uncategorized | Leave a comment