Series of Posts on Azure Security

יום חמישי, מרץ 15, 2012

My colleague Bruce Kyle has put together a view into how you can secure your application in Windows Azure. He’s pulled together information from hundreds of pages to provide you with a how-to guide on developing your application in a secure way on Windows Azure. This six-part series describes the threats, how you can respond,
אין תגובות

Attack Surface Analyzer BETA

יום שבת, ינואר 29, 2011

Microsoft has released Attack Surface Analyzer. It is a Software Development Lifecycle verification tool for developers and IT professionals to identify whether newly developed or installed applications inadvertently change the attack surface of a Microsoft operating system. Attack Surface Analyzer is developed by the Security Engineering group, building on the work of our Security Science
אין תגובות

Data Security On Windows Azure

יום שישי, מאי 21, 2010

The patterns & practices team is writing Azure Security Guidance as a series of application scenarios and solutions. The goal is to show the most common application scenarios on the Microsoft Azure platform. Patterns that described in the article include: ASP.NET to Azure Storage ASP.NET to SQL Azure ASP.NET On-Site to SQL Azure Through WCF
אין תגובות

How to prevent SQL injections

יום שבת, אוקטובר 20, 2007

Many applications include code that looks like: 1: string sqlStmt = "SELECT * FROM USERS WHERE UserName= '" + un + "' AND Password='" + pwd + "'"; Admit it...it's ugly, but you constructed SQL statements like this one. The variables un,pwd are provided by the user. The problem with this SQL string is that the attacker can piggyback SQL statements in one of them. What if the attacker enters this: un = maor, pwd = 123456' OR 1=1.  The following malicious statement is built: 1: string sqlStmt = "SELECT * FROM USERS WHERE UserName= 'maor' AND Password='123456'...
תגיות: , , ,
תגובה אחת

Secure your application

יום שבת, יוני 2, 2007

Worried about security? Microsoft has published patterns & practices Security Checklists Index for .NET framework 1.1 & 2.0. You can find there: Architecture and Design Review Checklists Code Review Checklists Deployment Review Checklists Take care...
אין תגובות