|
|
|
Browse by Tags
-
Thanks for those of you who attended my talks last week in London. The ASP.NET Attack and Defence talk covered SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). The first two have downloadable demos and labs as part of...
-
Eric is one of our newest instructors, and he’s got a new blog on our website . Here’s what he’s got to say about himself: “Eric Burke is a member of the technical staff at Pluralsight, where he focuses on WPF and Silverlight . Eric is also a Principal...
-
I've been thinking a lot lately about password management. I'm not talking about how a user manages the myriad of passwords she's stuck with, but rather how a system (e.g., a website) should go about accepting, storing, and protecting the...
-
I've been getting a bit behind on my blog reading. So the other day, I took it upon myself to read some older posts on some of my favorite blogs. And a couple of items resonated with me enough that I decided to take some action. This recent item from...
-
From Coding Horror , originally from CWE/SANS , this is a list that every developer should review from time to time. If you work on software in any capacity, at least skim this list. I encourage you to click through for greater detail on anything you're...
-
I just fired up my first WPF project since I installed VS 2008, and intellisense wasn't working in my XAML files. Like many other graybeards, I prefer to edit XAML files in the XML editor, rather than the designer. But I can't live without intellisense...
-
I recently published Self-Cert , a tool that makes it really easy to generate self-signed certificates using the CryptoAPI. What's nice about it is that it has a .NET class library underneath it that makes it easy to do this programmatically from...
-
Mike Woodring sent me an email today. He was concerned that a website that he frequents wasn't doing such a good job storing passwords. He pointed out that by clicking a button, you could get your password emailed back to you. After talking with someone...
-
IIS is currently rejecting self-signed certs made with the Self-Cert tool . Actually, you can install the cert into IIS, but when a client connects, IIS will refuse to set up the SSL tunnel. So far I believe the problem is that my certs aren't getting...
-
It's a bit of a pain to create self-signed certs using MAKECERT. So here's a GUI-based tool that uses a combination of the .NET Framework and the CryptoAPI to create self-signed X.509 certificates. And it's factored so that you can use the...
-
Today I spent some time exploring WLID's new SDK that allows you to support WLID authentication in a website of your own. I got it working pretty quickly in a test website, and it works quite nicely. So now I'm a bit curious. There's a section...
-
As I've been fleshing out the reporting infrastructure for Pluralsight On-Demand! I've been finding Linq incredibly useful. And what's great is that I've been able to round out my knowledge by watching a few modules of Scott Allen 's...
-
Over the last couple of years, I've worked on websites that support both HTTP and HTTPS, and it's always tricky to find a balance between security and usability. Dominick wrote an excellent article about this awhile back, suggesting that allowing...
-
The other day I was working on a website that uses ASP.NET health monitoring to log unhandled exceptions. This system sends email to the devs when exceptions occur so that they can track down the problem. Their website is constantly getting better as...
-
For those who didn't attend PDC, the Zermatt identity framework has been re-code-named Geneva Framework so that it fits in with the Geneva family of products : Geneva Framework : a .NET class library called Microsoft.IdentityModel (basically it's...
|
|
|
|
|