Monthly Archives: February 2005

WSE Policy Advisor

From the Samoa site (previous post) WSE Policy Advisor is a security plug-in for Web Services Enhancements 2.0 for Microsoft .NET (WSE). It can be invoked either from the WSE Configuration Editor or as a stand-alone tool. It examines the … Continue reading

Posted in Uncategorized | Leave a comment

Samoa: Formal Tools for Securing Web Services

Collection of papers, links, and ideas from Microsoft Research. via Mike Gunderloy  

Posted in Uncategorized | Leave a comment

HttpOnly and ASP.NET

I saw the HttpOnly flag for cookies mentioned in several blogs recently. HttpOnly is a new flag that you can append to a cookie, which makes the cookie unavailable to client side script (e.g. ‘document.cookie’). Microsoft introduced that, and it … Continue reading

Posted in Uncategorized | Leave a comment

Patch Day – also for ASP.NET

so this seems to be officially fixed – finally http://www.microsoft.com/technet/security/Bulletin/MS05-004.mspx“This update resolves a public vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. The vulnerability is documented in … Continue reading

Posted in Uncategorized | Leave a comment

Run CMD under different credentials

.NET 2.0 has the ability to specify different user credentials when starting a new process via Process.Start(). The password for the user has to be supplied via the new SecureString class (read more here). First you have to collect the … Continue reading

Posted in Uncategorized | Leave a comment

Essential .NET Security 2.0

Interested in 4 days of in-depth knowledge about building secure applications using the new .NET 2.0 features??? While having big fun??? DevelopMentor’s Essential .NET Security 2.0 course is finished. We will start to teach it in Europe starting with the 29th … Continue reading

Posted in Uncategorized | Leave a comment