Engineering
A good friend of mine, Jimmy May, published an amazing post on the perception and reality of performance tuning: Perception, Reality, & Incrementally Tuning World-Class Applications. The post is full of passion (no less) and I read it with pleasure. It builds on the observation Ed Glas shared about a 20% improvement (Kolbis referred to it as well). Here are two personal stories of mine on the subject. From: CS193H High Performance Web Sites. One day I was called in to help a customer improve the performance of his Web system. When I started to investigate what the problem was, it turned out that a 50% performance improvement was required. That already sounded like a challenge to me. When...
Have you noticed that little slogan at the bottom of the p&p logo? "proven practices for predictable results" When I landed in Seattle for another breathtaking Microsoft convention I called my precious wife to tell her I was OK. What I heard in response was crying, and she told me that she had been involved in a serious car wreck. I can recall now that the first thing I asked was "Were you wearing a safety belt?" and when I heard "yes" I could estimate what could have happened to her. I could not be sure about her...
I was blogging lately about security tools (see Most Powerful Security Tool). For some reason there is a perception that security tools are about scanning, intercepting, cracking, and tampering, in other words, something reactive. To me a security tool is something that supports Security Engineering as a whole and can be anything from document templates to simple checklists. But my favorite is of course Guidance Explorer (see patterns&practices Guidance Explorer), which constantly gets updates...
http://msdn2.microsoft.com/en-us/library/ms188354.aspx "In SQL Server 2005 you can define the execution context of the following user-defined modules: functions (except inline table-valued functions), procedures, queues, and triggers. By specifying the context in which the module is executed, you can control which user account the SQL Server 2005 Database Engine uses to validate permissions on objects that are referenced by the module. This provides additional flexibility and control in managing...
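The MSDN text above describes the mechanism; the following T-SQL is an added example (not code from the MSDN article or from this blog) of the least-privilege pattern it enables. The schema, table and user names (Staging.Imports, ETLRunner) are assumed for illustration. TRUNCATE TABLE is used deliberately: it requires ALTER permission, which ownership chaining does not pass through a procedure, so EXECUTE AS is what lets a caller with nothing but EXECUTE run it.

```sql
-- Added example, not taken from the MSDN article quoted above. Schema, table and
-- user names (Staging.Imports, ETLRunner) are assumed for illustration.
CREATE SCHEMA Staging;
GO
CREATE TABLE Staging.Imports (
    RowId    int IDENTITY(1,1) PRIMARY KEY,
    Payload  nvarchar(4000) NOT NULL
);
GO
INSERT INTO Staging.Imports (Payload) VALUES (N'constructed sample row');
GO
-- Low-privilege principal: no ALTER (and therefore no TRUNCATE) right on the table.
CREATE USER ETLRunner WITHOUT LOGIN;
GO
-- TRUNCATE TABLE needs ALTER permission, which ownership chaining does not
-- grant through a procedure. WITH EXECUTE AS OWNER makes the Database Engine
-- validate the statement against the module owner (dbo here), not the caller.
-- The body is static: no string concatenation, so the borrowed privilege
-- cannot be redirected by caller-supplied input.
CREATE PROCEDURE Staging.ResetImports
WITH EXECUTE AS OWNER
AS
BEGIN
    SET NOCOUNT ON;
    TRUNCATE TABLE Staging.Imports;
END;
GO
-- The caller needs EXECUTE on the module and nothing on the table.
GRANT EXECUTE ON Staging.ResetImports TO ETLRunner;
GO
-- Check the boundary from the low-privilege side.
EXECUTE AS USER = 'ETLRunner';
EXEC Staging.ResetImports;          -- permission checked as dbo (module owner)
TRUNCATE TABLE Staging.Imports;     -- permission checked as ETLRunner, who lacks ALTER
REVERT;
GO
```

For plain SELECT/INSERT/UPDATE/DELETE against objects with the same owner, ownership chaining already lets a caller holding EXECUTE reach the table without EXECUTE AS; the clause earns its place for statements chaining does not cover (TRUNCATE, dynamic SQL via sp_executesql or EXEC, objects owned by another principal). The flip side is the caveat practitioners miss: inside an EXECUTE AS OWNER module every statement, including any dynamic SQL built from parameters, runs with the owner's rights, so an injection flaw in such a module is a privilege escalation, not just a data leak. Keep the body static, or parameterize every dynamic statement.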
You can build your own application firewall: Stateful Web Application Firewalls with .NET http://www.awprofessional.com/articles/article.asp?p=694855&f1=rss&rl=1 or even a reverse proxy: Simple HTTP Reverse Proxy with ASP.NET and IIS http://www.codeproject.com/aspnet/HTTPReverseProxy.asp Cheers
"The log-in system used by Nordea has been the target of much criticism during recent months. Users log in to their accounts using their date of birth, a standing four-digit security code and a one-time code." Building your own custom authentication system instead of using an industry-proven one is a recipe for the above. Here are some helpful resources: How To: Create GenericPrincipal Objects with Forms Authentication How To: Protect Forms Authentication in ASP.NET 2.0 How To: Use Authorization Manager...
...on the other hand "you can't always get what you want" :) In my case I asked and I got what I wanted. So if you care about your application's security shape, go ahead and download Guidance Explorer today. Thanks JD! Cheers
via: How not to write secure Web apps - and get to see Steve Jobs for Free! All the crypto and password logic was in client-side JavaScript? Hmmmmm.... Here is how you DO write secure web apps. Cheers
via http://www2.csoonline.com/blog_view.html?CID=28152 Just like Microsoft does, Oracle, for the first time in its history, notifies its customers about an upcoming critical security update it is about to release on January 16. "Oracle Database Executive Summary This Critical Patch Update contains a total of 27 new security fixes for Oracle Database products, 10 of which may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password...
When you are scheduled for a security review meeting be prepared for the above question. Security guys are concerned about the Identity Theft/Spoofing threat. My suggestion is to go there prepared with the following question list, thus saving lots of [time, money, fights, blames, threats, vulnerabilities, <<fill in your own>>]: How do your end users identify themselves? User and password pairs? Digital certificates? Other? How are credentials sent over the wire (if any)? Clear text? Hashed? Over protected...
Just finished two Application Security Awareness workshops for a major customer. The audience is developers and the main idea behind the workshop (two half days) is to emphasize the security fights one needs to manage throughout the development lifecycle, NOT just before app deployment. So we had some presentations and then exercises where we tried to plan security for imaginary applications, one Internet and the other intranet, then we did some code inspections looking for vulnerabilities and...
http://www.microsoft.com/israel/security/default.mspx Of course, my favorite is: and Enjoy
It all happens with input that is not properly validated. From: http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh04.asp?frame=true#c04618429_006 Input Validation Input validation is a challenging issue and the primary burden of a solution falls on application developers. However, proper input validation is one of your strongest measures of defense against today's application attacks. Proper input validation is an effective countermeasure that can help prevent XSS, SQL injection, buffer...
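The chapter quoted above lists SQL injection among the attacks that input validation prevents. The T-SQL below is an added example, not code from that chapter or from this blog, showing the defect and its fix side by side in a stored procedure that must build its ORDER BY clause dynamically. Table, column and procedure names are assumed for illustration, and the hostile input is constructed for the demonstration.

```sql
-- Added example, not taken from the Improving Web Application Security chapter
-- quoted above. Table, column and procedure names are assumed for illustration.
CREATE TABLE dbo.Products (
    ProductId int PRIMARY KEY,
    Name      nvarchar(100) NOT NULL,
    Price     money NOT NULL
);
GO
INSERT INTO dbo.Products (ProductId, Name, Price) VALUES (1, N'Widget', 10);
INSERT INTO dbo.Products (ProductId, Name, Price) VALUES (2, N'Gadget', 20);
GO
-- Vulnerable: caller-controlled text is spliced into the statement, so the
-- Database Engine parses data as code. A @Name of  ' OR 1=1 --  closes the
-- literal, appends a tautology and comments out the rest of the statement.
CREATE PROCEDURE dbo.SearchProducts_Unsafe
    @Name nvarchar(100),
    @SortColumn sysname
AS
BEGIN
    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT ProductId, Name, Price FROM dbo.Products WHERE Name = '''
             + @Name + N''' ORDER BY ' + @SortColumn;
    EXEC (@sql);
END;
GO
-- Hardened: the value travels as a parameter of sp_executesql, so it is never
-- parsed as SQL. The identifier cannot be parameterised, so it is checked
-- against an allow-list of known columns and then delimited with QUOTENAME.
CREATE PROCEDURE dbo.SearchProducts
    @Name nvarchar(100),
    @SortColumn sysname
AS
BEGIN
    IF @SortColumn NOT IN (N'ProductId', N'Name', N'Price')
    BEGIN
        RAISERROR(N'Invalid sort column: %s', 16, 1, @SortColumn);
        RETURN;
    END;
    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT ProductId, Name, Price FROM dbo.Products WHERE Name = @Name ORDER BY '
             + QUOTENAME(@SortColumn);
    EXEC sp_executesql @sql, N'@Name nvarchar(100)', @Name = @Name;
END;
GO
-- Constructed hostile input, run through both procedures.
EXEC dbo.SearchProducts_Unsafe @Name = N''' OR 1=1 --', @SortColumn = N'Name';
EXEC dbo.SearchProducts        @Name = N''' OR 1=1 --', @SortColumn = N'Name';
GO
```

Run side by side, the unsafe procedure hands back the whole table, because the concatenated text turns the WHERE clause into `WHERE Name = '' OR 1=1` with the closing quote and ORDER BY commented away, while the hardened one compares the same string as a literal value and matches nothing. The split in the fix is the general rule: anything that is data goes through a parameter; anything that must be spliced into the statement as an identifier (column, table, sort direction) is validated against an allow-list first, since escaping alone does not make an identifier safe.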
"The SEC charged Grand Logistic S.A., a Belize corporation located in Estonia, and its owner Evgeny Gashichev of Russia, with breaking into victims' computers and using the illicit access to their brokerage accounts to drive up stock prices. Between August 28 and October 13, 2006, the illegal scheme made the company at least $353,609" More here I believe that the identity theft was possible due to inappropriate identity management and/or authentication schema. That is why more and more Compliance...
Nothing to add, ScottGu definitely rocks with his posts!! Of course my favorite is about security :) From http://weblogs.asp.net/scottgu/pages/ASP.NET-2.0-Tips_2C00_-Tricks_2C00_-Recipes-and-Gotchas.aspx : ASP.NET 2.0 Tips, Tricks, Recipes and Gotchas This page lists some of the more popular "ASP.NET 2.0 Tips, Tricks, Recipes and Gotchas" posts I've done over the last year. My goal is to add 1-2 new posts to the series each week going forward, so bookmark this page for updates, or subscribe to my...