|
|
browse.develop.com
Browse.develop.com is a community that was established to collect and
organize valuable web information. Our technical staff have selected and
indexed information and courses that they feel will help you stay
current on best practices across the SDLC.
|
20 Articles match "Information","Security"
|
Related DevelopMentor Courses
|
MORE
|
|
SharePoint for Developers (WSSv3/MOSS2007)
We examine what a web application is, what site collections are, where critical files are stored, how pages are processed, and how to locate and manage the important information. Reusable Lists and Custom Content Types Content types are new to WSS v3 and provide a rich way to push common type information down into SharePoint list items. Security - Custom Authentication The last version of WSS and SharePoint Portal Utilize the WSS object model for building applications in SharePoint Build custom workflow solutions for SharePoint Create custom event handlers Use features and solutions for deploying projects for WSS and MOSS Build standard web parts and web parts utilizing AJAX Handle custom authentication solutions Implement best practices for building solutions with WSS and MOSS Leverage the Business Data Catalog Create custom lists that use custom content types Essential SharePoint for Developers (WSSv3/MOSS2007) covers the critical building blocks for developing solutions for both Windows SharePoint Services
DevelopMentor Courses
- Friday, June 12, 2009
Essential Silverlight 3
Well, Silverlight's keyboard handling is far less capable than that of WPF; it has to cope with multiple browsers running on multiple operating systems and has to be more constrained due to the security restrictions of the plugi. In addition, it has its own isolated storage file mechanism for opaque storage of application information. Detached apps run inside In this course, you learn to: Identify when and where Silverlight should be used Use Expression Blend to design your user interface Use Visual Studio 2008 to build a Silverlight project and manage its code using C# Exploit the layout controls to create compelling user interfaces Incorporate Silverlight content into your existing web sites Build user and custom controls that support templates and styling Use Behaviors, Actions and Triggers to create reusable functionality across applications Integrate animations, special effects, perspective transforms and media to create a professional UI Exploit
DevelopMentor Courses
- Wednesday, June 17, 2009
.NET Security
Identify and prioritize risks and vulnerabilities in applications Protect data using encryption and signatures Impersonate and delegate Windows credentials Integrate with Windows domains and network authentication Write sandboxed applications Avoid common security threats like cross-site scripting or SQL injection Use CardSpace to authenticate users Secure communication with WCF Authenticate and authorize users in ASP.NET Security is a feature. But not every security feature is also a secure feature. Essential .NET NET Security gives you the necessary background
DevelopMentor Courses
- Friday, June 12, 2009
|
32 Articles match "Information","Security"
|
The Latest from DevelopMentor
|
MORE
|
|
WCF, WIF and Load Balancing (and a bit of Azure)
giving some background information on how session tokens are protected in WIF – here
some The ws* bindings in WCF establish a security session by default (via WS-SecureConversation).
This mixed mode) or IssuedTokenForCertificate (for message security).
In the binding I am using Pablo wrote a post yesterday
giving some additional info for WCF:
The
www.leastprivilege.com
- Thursday, February 18, 2010
Building Windows Machines in Amazon EC2
configuring the security, choosing an encryption key, opening ports in the firewall,
and All information, source code, and especially
tools In this article I'm going to give you a simple, step-by-step overview of how to create
a a Windows 2008 server image in Amazon's
Elastic
Michael C. Kennedy's Weblog
- Saturday, January 30, 2010
WIF Configuration – Part 2: SecurityTokenHandlerConfiguration
The workhorse of WIF are security token handler. But a token handler needs more information to do its work (issuer name registry, audience
URIs, This information is all encapsulated in the SecurityTokenHandlerConfiguration class.
You The WIF security token handler configuration section also has the concept of named
handler Again token handler can be use independently
of of
www.leastprivilege.com
- Wednesday, December 23, 2009
|
-
|
The Best from DevelopMentor
|
MORE
|
-
ASP.NET Security Goodness
A bunch of (ASP.NET) security tools got released over the weekend – highly recommended!
Get more info from Mark and Barry .
CAT.NET V1 CTP
“CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws
Cross Site Scripting
- SQL Injection - Process Command Injection - File Canonicalization - Exception Information
- LDAP Injection - XPATH Injection - Redirection to User Controlled Site.”
32
within a managed code (C#, Visual Basic .NET, NET, J#) application you are developing.
www.leastprivilege.com
- Monday, December 15, 2008
-
Thinktecture Security Token Service Starter Kit
Some features:
active and passive security token service
supports WS-Federation, WS-Trust 1.3 (message tokens
based on the standard membership, roles and profile provider infrastructure
membership provider is used to authenticate users and to provide a name and email
claim
role provider is used for authorization in the web front-end and to provider role
claims
profile provider is used to allow users to supply profile information which gets turned
into claims
easy administration of the
www.leastprivilege.com
- Monday, May 25, 2009
-
Another Security Rant
A while back I started playing with the managed support for secure stream protocols available for windows. In a previous post on my previous blog ( Previous Rant ) I mentioned that even though you asked for a secure stream to be mutually authenticated, windows could decide not to bother and use NTLM and only send your credentials. So if in my remoting configuration I actually specify I want to use mutual authentication and it fails to achieve it because the other The managed wrappers of NegotiateStream wrap up access to SSPI. Personally I felt that the API should have thrown
.NET Mutterings
- Monday, July 3, 2006
-
(SAML) Token Creation in a Geneva STS
Internally the SecurityTokenService class drives a “token information gathering”
passed on to a SecurityTokenHandler that creates the security token. Determines scope specific information like signing and encrypting
credentials – usually based on the AppliesTo header.
CreateSecurityDescriptor
Creates a default descriptor based on the scope from step 1. By default, Geneva STS developers are quite shielded from the SAML creation process
– you simply derive from SecurityTokenService and implement GetScope and GetOutputClaimsIdentity ,
www.leastprivilege.com
- Saturday, November 22, 2008
-
Article: Avoiding 5 Common Pitfalls in Unit Testing
security that they would bring to my projects. All information, source code, and especially tools are provided as is and on a "use at your own risk" basis.
...Tags: Llewellyn Falco and I recently wrote an article for DevelopMentor's Developments newsletter
entitled entitled Avoiding 5 Common Pitfalls in Unit Testing .
You
Michael C. Kennedy's Weblog
- Thursday, August 6, 2009
-
Skiing in "Zermatt"
are:
APIs for the token/claims related heavy crypto lifting
Supporting classes for claims aware applications (including an IIdentity/IPrincipal
implementation to give you a common programming model and smooth migration path)
ASP.NET plumbing for accepting tokens in web applications
ASP.NET controls for adding Information Card support to web applications
OM for creating Information Cards
Framework and base classes to write security token services (for active and passive
scenarios)
www.leastprivilege.com
- Wednesday, July 9, 2008
-
Using the .NET Access Control Service with Geneva
In Geneva terms this boils down to the following pieces of plumbing:
issuer name registry that knows about the ACS issuer certificate
security token handler that check the SAML issuer name
Issuer Registry
There are two ways to accomplish this. is not a X509 Security Token" );
}
var cert
= token.Certificate;
if (cert.Thumbprint.Equals( "416E6FA5D982B096931FBF42C4A3DCD608856C95" , StringComparison .OrdinalIgnoreCase)) If you haven’t checked out the .NET NET Access Control
www.leastprivilege.com
- Thursday, December 11, 2008
|
|
|
