Group items tagged

"Security Vulnerability Assessments are an important step in ensuring your server does not get hacked. Why use HackerTarget.com?"

"Programmers take certain features for granted - sequential programming for instance, writing down an algorithm that does one thing after the other. RelatedVendorContent State of Agile Development Survey Results & Summary Architecting the Ultimate Service Security Control Point 2010 Open Source Integrity Report: Defect Scan of 291 Key Projects Including Android Kernel DataPower: Messaging, ESB, Cloud, Security as an Appliance The Agile Tester However, if you're writing code in Javascript that uses blocking I/O or other long running operations, sequential coding is out of the question because blocking the only thread in the system is a very bad idea. The solution is to implement algorithms using asynchronous callbacks, ie. spread out sequential code over multiple callbacks."

"We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol."

"Duration - 19 months to complete a blog series, for crying out loud! Content - approaching 50,000 words, not including all the discussion in comments. Effort - some of the posts, such as transport layer security, probably approached 100 hours of reading, trialling, experimenting and finally, writing and proofing. This is why there was a four month "hiatus" before that post!"

This tutorial will teach you how to use the Web Security Class to add registration to a website.

This tutorial will teach you how to use the Web Security Class to add registration to a website.

"I've long looked at JavaScript as a second-class citizen in the programming world. Early on, it was the source of numerous security problems; it was a nice bit of glue to patch together HTML applications with a bit of styling, but nobody would use it for serious code; and so forth. Java, Ruby, Python, they were the languages for doing real work. "

"The Video of my Mix TalkOne of the demos in my Mix 11 talk "An Overview of the MS Web Stack of Love" was showing how IIS Express and Visual Studio SP1 (as well as WebMatrix) can make working with SSL (Secure Sockets Layer) a heck of a lot easier."

"To say I like SP_WhoIsActive is an understatement. This is probably the most useful and effective stored procedure I've ever encountered for activity monitoring. The purpose of the SP_WhoIsActive stored procedure is to give DBAs and developers as much performance and workload data about SQL Server's internal workings as possible, while retaining both flexibility and security. It was written by Boston-area consultant and writer Adam Machanic, who is also a long-time SQL Server MVP, a founder of SQLBlog.com, and one of the most elite individuals who are qualified to teach the Microsoft Certified Master classes."

"Wouldn't it be nice to receive a gentle tap on the shoulder if you're about to add code that will come back and haunt you later-in the form of a bug that could take days to find and fix later in the development process, code that's virtually impossible for your team members to reuse and extend, or a defect that impacts security, reliability, or performance in the field?"

"bcrypt is an adaptive cryptographic hash function for passwords designed by Niels Provos and David Mazières, based on the Blowfish cipher, and presented at USENIX in 1999.[1] Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive hash: over time it can be made slower and slower so it remains resistant to specific brute-force search attacks against the hash and the salt."