Sharing Forms Authentication between ASP.NET 1.1 and ASP.NET 2.0 Applications

As you start shifting from ASP.NET 1.1 to ASP.NET 2.0 development there may be instances where you want to be able to share Authentication cookies between different versions of your ASP.NET Web Sites.  Due to another subtle security change made to Forms Authentication in ASP.NET 2.0 this will not work by default.  For example, if…


Windows OneCare Live–Get the Beta

It is hard to believe but approximately 70% of home computers are not using any software Firewall protection–such as the one that comes with Windows XP SP 2–or even any anti-virus software.  And of course we can easily conclude that these home computers do not have any spyware protection either.  Therefore, if you are…


Change to ASP.NET 2.0 Forms Authentication Persistent Cookies

I have already highlighted some of the subtle security and migration issues with .NET Framework 2.0 such as: SN tool work with PFX Files; Safe CRT Libraries. This time, however, I will talk about a third subtle change which is to do with the cookie expiration value under ASP.NET 2.0 Forms Authentication.  In ASP.NET 1.1, if…

Windows Defender Beta 2 is now Out

Microsoft Windows Defender Beta 2 is a spyware protection program that I have personally been using on a few computers for several months now.  I like how it automatically updates itself and how, for the most part, it keeps on running smoothly in the background and is not always in your face. Install it now: http://www.microsoft.com/athome/security/spyware/software/default.mspx

SN v2.0 Works With PFX Files

.NET Framework 2.0 sn tool has the ability to work with PKCS #12 PFX files in addition to SNK files.  This offers the benefit of having your keys stored in encrypted format rather than the standard plain text.   You can get more detailed information from the following blog: http://blogs.msdn.com/shawnfa/archive/2006/02/14/531921.aspx

Visual Studio 2005 Safe C and C++ (Safe CRT) Runtime Library

When Visual Studio 2005 was released in November 2005 there were many features announced and talked about extensively.  However, I found that one piece that was overlooked was the major changes made to the C and C++ Runtime Library to improve Security in your C++ applications.  Specific functions that were found to be unsafe and thus…

Security on the Brain

Are you interested in Security from a Developer perspective? Then check out the new MSDN Canada Security on the Brain Web Site.  This site is dedicated to providing the latest information on Security for Developers as well as upcoming events such as the latest in a Series of WebCasts for Canadian Developers on Security every…

Crypto Key Length

I got this from Michael Howard’s Blog and it is a cool web app that provides recommended key length to achieve adequate protection for your application to a specific number of years.  http://www.keylength.com


Auditing–the forgotten art of Security

When it comes to security there is a lot of emphasis placed on Authentication and Authorization which of course makes sense.  Sometimes, I think there is so much emphasis placed on Authentication and Authorization that we forget about another critical component which is Auditing.   A well designed Authentication mechanism does offer some level of protection, but…


Thoughts on Code Scanning Tools

I was in the process of writing a blog on my thoughts about Code Scanning Tools to find security vulnerabilities in source code.  As I have mentioned many times before, there are no silver bullets in the IT industry and surely there are no silver bullets in Security.  If there was a silver bullet then why…