Monthly Archives: November 2004

Another "security guy"

If you are interested in .net/windows security – check out michael willers blog! You’ll find interesting in-sights in secure deployment, authenticode and low level windows security programming. subscribed!    

Posted in Uncategorized | Leave a comment

Web Service Contract First

Christian Weyer was so kind to send me a beta version of his Contract First! tool WSCF – while having only looked briefly at it by now – i can say – this rocks! keep up the good the work! … Continue reading

Posted in Uncategorized | Leave a comment

ADC Slides

as promised – my slides from the advanced developers conference “Hackproofing W2K3/IIS6/ASP.NET” (german) Hackproofing IIS6.pdf (1002,9 KB)  

Posted in Uncategorized | Leave a comment

Advanced Developer Conference

i arrived at ulm (well, to be exactly it is “neu-ulm” which is apparently a complete different thing for my car navigation….). it is snowing in germany, which is kind of mad since we had 12°C 3 days ago – … Continue reading

Posted in Uncategorized | Leave a comment

Common ASP.NET Security Issues

when browsing through the Microsoft ASP.NET security newsgroups – 85% of all problems seem to be identity, impersonation, delegation and resource access problems (over and over again). Microsoft Support has compiled a page called “Common Security Issues when Accessing Remote Resources with … Continue reading

Posted in Uncategorized | Leave a comment

Security and Multi Threading

A lot of the security primitives in .NET depend on extra information attached to the current thread, e.g. CurrentPrincipal, CAS Markers and Impersonation Tokens. Ever wondered what happens when you spin off a new thread – is this vital security … Continue reading

Posted in Uncategorized | Leave a comment

PasswordEntropyValidator for ASP.NET

you all know that you should reject weak passwords in your applications… to make this task easier i wrote a new validator control for ASP.NET – just set the minimum amount of required entropy bits and validate your password textboxes. PasswordEntropyValidator.zip … Continue reading

Posted in Uncategorized | Leave a comment