Migration path to WCF

From .NET Remoting to the Windows Communication Foundation (WCF) http://msdn.microsoft.com/library/en-us/dnvs05/html/NETremoteWCF.asp?frame=true   ASP.NET Web services to the Windows Communication Foundation http://wcf.netfx3.com/content/TheFutureofASPNETWebServicesintheContextoftheWindowsCommunicationFoundation.aspx WSE->WCFhttp://wcf.netfx3.com/content/WindowsCommunicationFoundationWCFInteroperabilityandMigrationwithWSE20.aspx General WCF resources http://wcf.netfx3.com/files/default.aspx    

how to get AlternativeName and UPN from X509 certificate

using X509NameType Enumeration  you can extract all the fields from a x509 certificate. this enum is new for .net 2.0 here is the code: using System;using System.Security.Cryptography;using System.Security.Permissions;using System.IO;using System.Security.Cryptography.X509Certificates;class CertSelect{    static void Main()    {        try        {            X509Store store = new X509Store(“MY”,StoreLocation.CurrentUser);            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);            X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;            X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid,DateTime.Now,false);            X509Certificate2Collection scollection…

more about ajax security

http://blogs.ittoolbox.com/security/dmorrill/archives/billy-hoffman-on-ajax-security-11141 some videos can be found here: http://www.asp.net/learn/videos/#ajax    

defend – protect – detect – recover – manage !

in order to know how do detect and attack and protect you should first understand the attack ! a very useful link for that: http://www.attacklabs.com/  

Netmon 3 – Nmcap.exe

Network monitor 3.0  has a command line tool as well to capture traffic. You can use the ‘Nmcap.exe’ tool to capture frames without the GUI. This tool is available in the Network Monitor 3 installation directory. I’m looking for a way now to intercept the traffic on real time – like breakpoints on fiddler more…

XSS and HTML injection attacks

just copy and paste to implement an XSS. sources can be found here : http://ha.ckers.org/xss.html

S E C U R E Acrostic

Seamless The more integration work that has to be done to get a component to work, the more opportunities to introduce unintended errors which can result in security vulnerabilities.  Secure code should therefore not require any special skills to incorporate. It should just be the normal way  of doing things. Easy to Understand Complexity breeds…

Download Network monitor 3 Now !

Download Microsoft Network Monitor (netmon) 3.0 Microsoft Network Monitor 3.0 is a brand new protocol analysis tool. It has been under development for about 2 years at Microsoft. You are welcome to try it out and provide feedback to us. Key features of Microsoft Network Monitor 3.0 include: A completely new user interface Real time…


reflector 5

check out the new version of reflector here

Guidance Explorer is here for security

Great tool from P&P that can help you to implement security issues in your code and servers. the tool can be download from https://channel9.msdn.com/wiki/default.aspx/GuidanceLibrary.GuidanceExplorer and include a lot of how to’s that refer to security.