You are here: silicon.com > Resources > White Papers > Security > Security Administration > Security Management

Dave's Top 10 Ways to Secure Your Web Application - Level 300

Overview In this webcast, you will see some practical best practices for writing secure ASP.NET code. The following topics have been used by the author in real world code and will be covered: hash your passwords in the Presentation Tier and where they're stored, use Role Based Authentication, Use Declarative Security with PrincipalPermissionAttribute and SecurityAction.Demand, use Imperative Security with IsInRole, roll your own custom Principal, wrap possibly unsecure code with Try Finally and make sure to cleanup in the Finally block, defeat brute-force attacks with maximum retry counts, encrypt sensitive data in .config files and other places with System.Security.Cryptography, use Code Access Security to ensure least-privilege in your assemblies, and use the Framework - DON'T REINVENT THE WHEEL!.

Further White Paper Details
Publisher	Microsoft
Live Date	25th March 2004 16:14 GMT
Format	Webcast
Topics	Security Management

Did you find this white paper useful? 2 out of 4 users found this white paper useful

Balancing Security Against Productivity

Publisher:
Novell

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

NAC 2.0: A new model for a more secure future

Publisher:
Sophos

Ethical Hacking and Risk Assessments

Publisher:
Global Knowledge

John Lamb's Week: homes and databases of the future

Having sat through enough Bill Gates-hosted presentations on the office of the future to fill a Windows error log, I hope Cranfield resists the temptation to hype some hopelessly unrealistic vision of the liberating force of technology.

Channel:
Comment & Analysis

Bluetooth phone hacking tools 'spreading quickly'

It was a deliberate design decision not to include authentication - that allows people to [easily] send business cards to each other," he said. There are techniques to find hidden devices, but it is a brute-force method that would take a lot of time.

Channel:
Mobile & Wireless

Globix offers protection against brute force net attacks

Hosting services company Globix has turned to Top Layer Networks to offer intrusion detection to customers whose online services are vulnerable to attacks A range of companies have lost revenues in recent months as blackmailers and others have...

Microsoft splashes cash on anti-spyware firm

The tool will also be configurable, so users can block known spyware and other specific unwanted software from being installed on a computer. Once the PC is compromised, the attacker often can access information stored on the computer, load other...

Channel:
Security Strategy

Cisco warns over pair of network flaws

Cisco NAC Appliance, which checks external devices attempting to log on to a company network are compliant with security policy, contains two flaws that an attacker could use to gain control of the devices, or compromise sensitive information...

Channel:
Security Strategy
Tags:
flaws,
cisco

Junked: Is this the end of spam and spoof email?

The digital signatures, which use public key cryptography, are viewed as unforgeable. A key internet standards body has given preliminary approval to a powerful technology designed to detect and block fake email messages.

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Dave's Top 10 Ways to Secure Your Web Application - Level 300

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific