System.Security.SecureString Part II

Second part of the SecreString blog post. Check it out at http://blogs.msdn.com/cisg/archive/2008/12/17/secure-string-in-net-part-ii.aspx. Thanks RV

0

How the Anti-XSS 3.0 SRE Works

Published a new blog on how SRE works internally. Kind of a starter course on Anti-XSS SRE code. Check it out at How the Anti-XSS 3.0 SRE Works. Thanks RV

0

Anti-XSS Webcast

On January 9th there will be a webcast on technet about Anti-XSS v3.0. This will showcase some of the improvements done to the Anti-XSS library. The webcast registration url is http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032398771&Culture=en-US. Thanks RV

0

Security Deployment Review Tool Webcast

Deployment Reviews is a process to check a host for security settings, mostly those affect the applications that are hosted on that. A technet webcast has been scheduled to reveal an automated tool to check for deployment security settings. The webcast is on 12/15/2008 from 10:30 AM to 11:30 AM and the following is the…

0

Oslo M Language

The M language is awesome, I have been experimenting with it for quite some time now. it allows you to create models of types in a descriptive language. The idea behind M language is to capture developers intent in a descriptive language for modeling purposes. Additionally, it converts these types into SQL schema for application…

0

SECURITY Q&A #1

From a security perspective what’s wrong with this code? 1: <html> 2: <head> 3: <title>Welcome Page</title> 4: <script language="JavaScript"> 5: function openNewWindow() 6: { 7: window.open(‘<%=Server.HtmlEncode(Request.QueryString["URL"])%>’); 8: } 9: </script> 10: </head> 11: <body> 12: Welcome <%=Context.User.Identity.Name %> 13: <br/> 14: Click <a href="javascript:openNewWindow();">here</a> 15: to open the link in new window. 15: </body> 16:…

0

Developer Security IQ

There is a very good article on MSDN magazine about security bugs. A good Q&A to determine your security IQ. Check it out at http://msdn.microsoft.com/en-us/magazine/cc982154.aspx. In this spirit I will try to post some security Q&A specially on web and windows applications.

0

OWASP MN Mini Conference

This Tuesday I was spoke at the OWASP MN mini conference at the University of Minnesota’s St. Paul Student Center. Had some very impressive speakers, Brian Chess, Richard Stallman and Jeff Williams. I spoke about our CISF framework and tools. http://www.owasp.org/index.php/OWASP_Minneapolis_St_Paul_2008_Conference Thanks RV

0

Security Runtime Engine

We have been working on this project for some time now. It is a http module to protect web applications from certain attacks. http://blogs.msdn.com/cisg/archive/2008/10/24/a-sneak-peak-at-the-security-runtime-engine.aspx Thanks RV

0

System.Security.SecureString in .NET

Varun in our team has posted part I of series about SecureString in .NET. Awesome blog entry talks about internal details on how secure strings work in .NET with some samples. Check it out at http://blogs.msdn.com/cisg/archive/2008/10/08/secure-strings-in-net-part-i.aspx Thanks RV

1