Evolving ASP.NET Apps–Cookie Authentication

The Evolving ASP.NET Apps series + bonus content is published as a book and is available for purchase. We have already addressed how to securely hash a password and check username and password on login. In this section, we will explore how to authenticate and authorize requests after the user has successfully logged in. In…


Evolving ASP.NET Apps–Password Hashing

The Evolving ASP.NET Apps series + bonus content is being published as a book. Buy it here. Storing passwords is always a tricky proposition. A great number of sites have simply washed their hands of the responsibility by outsourcing it to a third party such as Twitter, Google or even Facebook. This is usually…


Evolving ASP.NET Applications–SQL Injection

In the previous installment of this series we took a look at the various security issues present in BugTracker.NET. We identified five vulnerabilities that were worth addressing at once. The most difficult, or at least the most time-consuming, problem to address is the potential for SQL injection attacks. BugTracker.NET does not make use of…


Evolving ASP.NET Apps–Security

The Evolving ASP.NET Apps series + bonus content is being published as a book. Buy it here. Between David and me we have about a decade of post-secondary education in computery things. Despite that, neither of us has ever had a class on how to program securely. Secure programming is, honestly, not something that…


Windows Azure = Security + Privacy + Compliance

Never have I been able to have a conversation about the Cloud without having the question asked of me: “What about security, privacy, and compliance?” Unlike some other folks that I know, I don’t shy away from having this discussion as I am of the opinion that, though a bit complicated to explain quickly, there’s…


Building Secure Windows Phone 8 Apps – The Platform

Security on the Brain Security is something we all know is important, but is it something that we always do? Most likely, not always. That’s partially because security is complex and takes time to implement. Many of you, these days, don’t have that time (it’s all about shortest time-to-market, right?) to think about security. You…


Security Code Review Techniques–SQL Injection Edition

Security on the Brain Security is something we all know is important, but is it something that we always do? Most likely, not always. That’s partially because security is complex and takes time to implement. Many of you, these days, don’t have that time (it’s all about shortest time-to-market, right?) to think about security. You…


Building Secure Windows Store Apps

Security on the Brain Security is something we all know is important, but is it something that we always do? Most likely, not always. That’s partially because security is complex and takes time to implement. Many of you, these days, don’t have that time (it’s all about shortest time-to-market, right?) to think about security. You…


Security Code Review Techniques: Cross-Site Scripting Edition

Security on the Brain Security is something we all know is important, but is it something that we always do? Most likely, not always. That’s partially because security is complex and takes time to implement. Many of you, these days, don’t have that time (it’s all about shortest time-to-market, right?) to think about security. You…


A Simple and Practical Approach to Security

Security on the Brain In his guest blog post below, Neil McIsaac talks about the importance of thoroughly understanding and implementing security requirements to keep applications safe. Of course, that’s something that we all know, but is it something that we always do? Most likely, not always. That’s partially because security is complex and takes…