Thursday, March 15, 2012
My colleague Bruce Kyle has put together a view into how you can secure your application in Windows Azure. He’s pulled together information from hundreds of pages to provide you with a how-to guide on developing your application in a secure way on Windows Azure. This six-part series describes the threats, how you can respond,
Saturday, January 29, 2011
Microsoft has released Attack Surface Analyzer. It is a Software Development Lifecycle verification tool for developers and IT professionals to identify whether newly developed or installed applications inadvertently change the attack surface of a Microsoft operating system. Attack Surface Analyzer is developed by the Security Engineering group, building on the work of our Security Science
Friday, May 21, 2010
The patterns & practices team is writing Azure Security Guidance as a series of application scenarios and solutions. The goal is to show the most common application scenarios on the Microsoft Azure platform.
Patterns described in the article include:
ASP.NET to Azure Storage
ASP.NET to SQL Azure
ASP.NET On-Site to SQL Azure Through WCF
Saturday, October 20, 2007
Many applications include code that looks like:
string sqlStmt = "SELECT * FROM USERS WHERE UserName= '" + un + "' AND Password='" + pwd + "'";
Admit it...it's ugly, but you constructed SQL statements like this one.
The variables un and pwd are provided by the user. The problem with this SQL string is that an attacker can piggyback SQL statements onto either of them.
What if the attacker enters this:
un = maor, pwd = 123456' OR 1=1. The following malicious statement is built:
string sqlStmt = "SELECT * FROM USERS WHERE UserName= 'maor' AND Password='123456'...
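The concatenated query above beside a parameterized form, as an added example that is not code from the original post. The class and method names are hypothetical and the parameter sizes are assumptions; no database connection is opened, the commands are only built and printed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQueryDemo
{
    // The pattern from the post: user input is spliced into the SQL text,
    // so a quote in the input ends the string literal and the rest is parsed as SQL.
    static SqlCommand BuildConcatenated(SqlConnection conn, string un, string pwd)
    {
        string sqlStmt = "SELECT * FROM USERS WHERE UserName= '" + un +
                         "' AND Password='" + pwd + "'";
        return new SqlCommand(sqlStmt, conn);
    }

    // Hardened form: the SQL text is a constant and the values travel
    // separately as typed parameters, so they are never parsed as SQL.
    static SqlCommand BuildParameterized(SqlConnection conn, string un, string pwd)
    {
        var cmd = new SqlCommand(
            "SELECT * FROM USERS WHERE UserName = @un AND Password = @pwd", conn);
        // Sizes (64) are assumptions; match them to the real column definitions.
        cmd.Parameters.Add("@un", SqlDbType.NVarChar, 64).Value = un;
        cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 64).Value = pwd;
        return cmd;
    }

    static void Main()
    {
        // Input values taken from the post.
        string un = "maor", pwd = "123456' OR 1=1";
        using (var conn = new SqlConnection())
        {
            using (SqlCommand bad = BuildConcatenated(conn, un, pwd))
                Console.WriteLine("concatenated : " + bad.CommandText);
            using (SqlCommand good = BuildParameterized(conn, un, pwd))
            {
                Console.WriteLine("parameterized: " + good.CommandText);
                foreach (SqlParameter p in good.Parameters)
                    Console.WriteLine("  " + p.ParameterName + " = [" + p.Value + "]");
            }
        }
    }
}
```

In the first line of output the OR 1=1 fragment sits outside the password literal; in the second the SQL text is unchanged and the same input appears only as the value of @pwd.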
Saturday, June 2, 2007
Worried about security? Microsoft has published the patterns & practices Security Checklists Index for .NET Framework 1.1 & 2.0.
There you can find:
Architecture and Design Review Checklists
Code Review Checklists
Deployment Review Checklists