Uncategorized pages
From Guidance Share
Showing below up to 500 results starting with #1.
- .NET Framework 1.1 Performance
- .NET Framework 1.1 Performance Guidelines - Working Set
- .NET Framework 1.1 Security
- .NET Framework 2.0 Performance
- .NET Framework 2.0 Security
- ADO.NET 1.1 Performance
- ADO.NET 1.1 Security
- ADO.NET 2.0 Performance
- ADO.NET 2.0 Security
- ASP.NET 1.1 Performance
- ASP.NET 1.1 Performance Checklist
- ASP.NET 1.1 Security
- ASP.NET 1.1 Security Application Scenarios
- ASP.NET 1.1 Security Guidelines - Cross-Site Scripting
- ASP.NET 1.1 Security Guidelines - Impersonation
- ASP.NET 1.1 Security Whiteboard Solutions
- ASP.NET 2.0 Code Examples
- ASP.NET 2.0 Intranet - Windows Auth to AD Groups
- ASP.NET 2.0 Performance
- ASP.NET 2.0 Performance Inspection Questions - Data Binding
- ASP.NET 2.0 Security
- ASP.NET 2.0 Security Application Scenarios
- ASP.NET 2.0 Security FAQs
- ASP.NET 2.0 Security Practices - Auditing and Logging
- ASP.NET 2.0 Security Practices - Authentication
- ASP.NET 2.0 Security Practices - Authorization
- ASP.NET 2.0 Security Practices - Code Access Security
- ASP.NET 2.0 Security Practices - Configuration
- ASP.NET 2.0 Security Practices - Data Access
- ASP.NET 2.0 Security Practices - Exception Management
- ASP.NET 2.0 Security Practices - Impersonation and Delegation
- ASP.NET 2.0 Security Practices - Input and Data Validation
- ASP.NET 2.0 Security Practices - Secure Communication
- ASP.NET 2.0 Security Practices - Sensitive Data
- ASP.NET 2.0 Security Questions and Answers
- ASP.NET 2.0 Security Questions and Answers - Authentication
- ASP.NET 2.0 Security Questions and Answers - Configuration
- ASP.NET 2.0 Security Questions and Answers - Impersonation / Delegation
- ASP.NET 2.0 Security Questions and Answers - Others
- ASP.NET 2.0 Security Whiteboard Solutions
- About
- About This Site
- Actors, Personas, and Roles
- Agile Architecture Method
- Agile Architecture Method Explained
- Agile Architecture Method Explained - Chapter 1 - Agile Architecture Method
- Agile Architecture Method Explained - Chapter 2 - Step 1: Identify Architecture Objectives
- Agile Architecture Method Explained - Chapter 3 - Step 2: Identify Key Scenarios
- Agile Architecture Method Explained - Chapter 4 - Step 3: Application Overview
- Agile Architecture Method Explained - Chapter 5 - Step 4: Key Hot Spots
- Agile Architecture Method Explained - Chapter 6 - Step 5: Candidate Solutions
- Agile Architecture Method Explained - Chapter 7 - Reviewing Your Architecture
- Agile Architecture Method Explained - Chapter 8 - Communicating Your Architecture
- Agile Architecture Method Explained - Introduction
- Application Architecture Guide
- Application Architecture Guide - Architecture and Design Solutions At a Glance
- Application Architecture Guide - Chapter 10 - Presentation Layer Guidelines
- Application Architecture Guide - Chapter 11 - Business Layer Guidelines
- Application Architecture Guide - Chapter 12 - Data Access Layer Guidelines
- Application Architecture Guide - Chapter 13 - Service Layer Guidelines
- Application Architecture Guide - Chapter 14 - Application Archetypes
- Application Architecture Guide - Chapter 15 - Web Applications
- Application Architecture Guide - Chapter 16 - Rich Internet Applications (RIA)
- Application Architecture Guide - Chapter 17 - Rich Client Applications
- Application Architecture Guide - Chapter 18 - Services
- Application Architecture Guide - Chapter 19 - Mobile Applications
- Application Architecture Guide - Chapter 1 - Fundamentals of Application Architecture
- Application Architecture Guide - Chapter 20 - Office Business Applications (OBA)
- Application Architecture Guide - Chapter 21 - SharePoint Line-Of-Business (LOB) Applications
- Application Architecture Guide - Chapter 2 - .NET Platform Overview
- Application Architecture Guide - Chapter 3 - Architecture and Design Guidelines
- Application Architecture Guide - Chapter 4 - Designing Your Architectures
- Application Architecture Guide - Chapter 5 - Deployment Patterns
- Application Architecture Guide - Chapter 6 - Architectural Styles
- Application Architecture Guide - Chapter 7 - Quality Attributes
- Application Architecture Guide - Chapter 8 - Communication Guidelines
- Application Architecture Guide - Chapter 9 - Layers and Tiers
- Application Architecture Guide - Cheat Sheet - Data Access Technology Matrix
- Application Architecture Guide - Cheat Sheet - Integration Technology Matrix
- Application Architecture Guide - Cheat Sheet - Presentation Technology Matrix
- Application Architecture Guide - Cheat Sheet - Workflow Technology Matrix
- Application Architecture Guide - Cheat Sheet - patterns
- Application Architecture Guide - Cheat Sheet - patterns & practices Pattern Catalog
- Application Architecture Guide - Fast Track
- Application Architecture Guide - Foreword by S. Somasegar
- Application Architecture Guide - Foreword by Scott Guthrie
- Application Architecture Guided - Introduction
- Application Vulnerability Categories
- Architecture
- Architecture Frame
- Architecture and Design Checklist
- Assume all input is malicious.
- Attack Pattern Template
- Attack Patterns
- Attack Template
- Attacks
- Audit and log access across application tiers.
- Auditing and Logging
- Auditing and Logging Vulnerabilities
- Authentication
- Authentication, Authorization and Trust
- Authentication, Authorization and Trust Vulnerabilities
- Authentication Vulnerabilities
- Authorization
- Authorization Vulnerabilities
- Avoid plain text passwords in configuration files
- Avoid storing secrets in the Local Security Authority (LSA).
- Avoid storing sensitive data in view state
- Back up and analyze log files regularly.
- Be able to disable accounts.
- Be careful with canonicalization issues.
- Buffer Overflow
- Buffer Overflow Attack
- Buffer Underwrite
- Build Scenario Frame
- Business Layer Design Checklist
- Can impersonation be used with Forms authentication?
- Canonicalization Attack
- Capture-Replay
- Case Studies
- Catch exceptions.
- Centralize your approach.
- Chapter 10 – Quantifying End-User Response Time Goals
- Chapter 11 – Consolidating Various Types of Performance Acceptance Criteria
- Chapter 12 – Modeling Application Usage
- Chapter 13 – Determining Individual User Data and Variances
- Chapter 14 – Test Execution
- Chapter 15 – Key Mathematic Principles for Performance Testers
- Chapter 16 – Performance Test Reporting Fundamentals
- Chapter 17 – Load-Testing Web Applications
- Chapter 18 – Stress-Testing Web Applications
- Chapter 1 – Fundamentals of Web Application Performance Testing
- Chapter 2 – Types of Performance Testing
- Chapter 3 – Risks Addressed Through Performance Testing
- Chapter 4 – Web Application Performance Testing Core Activities
- Chapter 5 – Coordinating Performance Testing with an Iteration-Based Process
- Chapter 6 – Managing an Agile Performance Test Cycle
- Chapter 7 – Managing the Performance Test Cycle in a Regulated (CMMI) Environment
- Chapter 8 – Evaluating Systems to Increase Performance-Testing Effectiveness
- Chapter 9 – Determining Performance Testing Objectives
- Checklist Item Template
- Chosen Plaintext Attack
- Client Side Validation
- Client Side Validation Vulnerabilities
- Code Access Security (.NET 1.1) Security
- Code Example Template
- Code Examples
- Code Vulnerability Categories
- Command Injection
- Communication Design Checklist
- Communications Security
- Communications Security Vulnerabilities
- Comparing Classes by Name
- Configuration Management
- Configuration Management Vulnerabilities
- Connect using a least privileged account
- Connection string management
- Consider authorization granularity
- Consider authorization granularity.
- Consider identity flow.
- Consider the identity that is used for resource access
- Constrain, Then Sanitize
- Constrain, reject, and sanitize your input.
- Constrain input
- Countermeasures
- Covert Storage Channel
- Covert Timing Channel
- Create application specific event source
- Credentials Brute Force Attack
- Cross-site Scripting
- Cross Site Scripting Attack
- Cryptography
- Cryptography Vulnerabilities
- Cryptography and Secrets
- Cryptography and Secrets Vulnerabilities
- Data Layer Design Checklist
- Data privacy and integrity on the network
- Deletion of Data-structure Sentinel
- Denial of Service Attack
- Deserialization of Untrusted Data
- Do I need to create a unique user account for each application pool?
- Do not cache sensitive data
- Do not develop your own cryptography.
- Do not leak information to the client.
- Do not mix session tokens and authentication tokens
- Do not pass sensitive data from page to page
- Do not pass sensitive data using the HTTP-GET protocol.
- Do not rely on client-side state management options
- Do not rely on client-side validation.
- Do not send passwords over the wire in plaintext.
- Do not store database connections, passwords, or keys in plaintext.
- Do not store passwords in user stores.
- Do not store secrets if you can avoid it.
- Do not store secrets in code.
- Do not store sensitive data in persistent cookies.
- Do not trust HTTP header information.
- Does the code centralize its approach?
- Does the code use protection="All"
- Does the code use the right algorithm with an adequate key size?
- Doubly Freeing Memory
- Encode Output
- Encrypt sensitive cookie state.
- Encrypt sensitive data if you need to store it
- Encrypt the contents of the authentication cookies.
- Encrypt the data or secure the communication channel.
- Engineering Practices
- Engineering Practices Frame
- Engineering Practices Overview
- Engineering Practices Project
- Ensure database connections are always closed
- Enterprise Services (.NET 1.1) Performance
- Enterprise Services (.NET 1.1) Security
- Exception Gatekeeper
- Exception Management
- Exception Management Vulnerabilities
- FAQs
- Fail securely
- Failure of TRNG
- Failure to Add Integrity Check Value
- Failure to Check Integrity Check Value
- Failure to Check Whether Privileges Were Dropped
- Failure to Check for Certificate Revocation
- Failure to Drop Privileges When Reasonable
- Failure to Encrypt Data
- Failure to Follow Chain of Trust in Certificate Validation
- Failure to Protect Class Data with Accessors
- Failure to Validate Certificate Expiration
- Failure to Validate Host-Specific Certificate Data
- Feedback
- Firewall restrictions
- Focus Centers
- Forceful Browsing Attack
- Foreword By Alberto Savoia
- Foreword By Rico Mariani
- Format String
- Format String Attack
- Glossary
- Guidance
- Guidance Engineering
- Guidance Overview
- Guideline Item Template
- HTTP Replay Attack
- Heap Overflow
- Home Page 10
- Home Page 11
- Home Page 12
- Home Page 13
- Home Page 14
- Home Page 15
- Home Page 16
- Home Page 17
- Home Page 18
- Home Page 19
- Home Page 2
- Home Page 20
- Home Page 21
- Home Page 22
- Home Page 23
- Home Page 24
- Home Page 25
- Home Page 3
- Home Page 4
- Home Page 5
- Home Page 6
- Home Page 7
- Home Page 8
- Home Page 9
- Home Page Archive 1
- How To: Perform a Security Code Review Review for Managed Code (Baseline Technique)
- How To Recognize Stack Overflow Vulnerabilities
- How To Template
- How can I retain impersonation in the new thread created from ASP.NET application?
- How do I Sign .Net assemblies with Authenticode signature?
- How do I cache roles in ASP.NET 2.0?
- How do I configure account lockout using membership feature in ASP.Net 2.0?
- How do I create a custom trust level for ASP.NET?
- How do I create a service account for running my ASP.NET applications?
- How do I decide my Authentication strategy in ASP.NET?
- How do I delay sign an ASP.NET application assembly?
- How do I enable Forms Authentication to work with multiple Active Directory domains?
- How do I enable my ASP.NET application to write to new event source?
- How do I encrypt sensitive data in machine.config or web.config file?
- How do I enforce strong passwords using membership feature in ASP.NET 2.0
- How do I flow the original user identity to different layers?
- How do I handle exceptions securely?
- How do I impersonate a specific (fixed) identity?
- How do I impersonate the original caller?
- How do I implement single sign on using forms authentication?
- How do I instrument my application for security?
- How do I lock authorization settings?
- How do I lock configuration settings?
- How do I pre-compile my ASP.NET application?
- How do I prevent detailed errors from returning to the client?
- How do I protect Forms Authentication?
- How do I protect audit and log files?
- How do I protect authorization cookie when using role caching in ASP.NET 2.0?
- How do I protect my web application's ViewState?
- How do I protect passwords?
- How do I protect passwords in user store?
- How do I protect sensitive data in configuration files?
- How do I protect sensitive data in memory?
- How do I protect sensitive data in the database?
- How do I protect the database connection strings in web.config file?
- How do I run an ASP.NET application with a particular identity?
- How do I secure Session State information?
- How do I set up a SQL Server or SQL Express database for Membership, Profiles and Role Management?
- How do I setup a global exception handler for my application?
- How do I strong-name an ASP.NET application assembly?
- How do I strong name an ASP.NET application?
- How do I temporarily impersonate the original caller?
- How do I use File Authorization in ASP.NET 2.0?
- How do I use Forms Authentication with Active Directory?
- How do I use Forms Authentication with SQL Server database?
- How do I use RoleManager in my application?
- How do I use Role Authorization in ASP.NET 2.0?
- How do I use SQL authentication for connecting to SQL server?
- How do I use URL Authorization in ASP.NET 2.0?
- How do I use Windows Groups for role authorization in ASP.NET 2.0?
- How do I use code access security with ASP.NET?
- How do I use my custom role store for roles authorization?
- How do I use my custom user / identity store with forms authentication?
- How do I use programmatic impersonation?
- How do I use structured exception handling?
- How do I use the Health monitoring feature in ASP.NET 2.0?
- How do I use windows authentication for connecting to SQL server?
- How do I validate input in HTML controls, QueryString, cookies, and HTTP headers?
- How do I validate input in server-side controls?
- How do I write partial trust applications?
- How is the AuthorizationStoreRoleProvider different from Authorization Manager APIs?
- How should I prevent someone from disassembling code?
- Ignored Function Return Value
- Impersonate original caller only when required
- Implement page-level or application-level error handlers
- Improper Pointer Subtraction
- Improper String Length Checking
- Info Disclosure Through Data Queries
- Info Disclosure Through Error Messages
- Input Validation
- Input Validation Vulnerabilities
- Input and Data Validation
- Input and Data Validation Vulnerabilities
- Inspection Center
- Install URLScan on your Web server
- Insufficient Entropy in PRNG
- Integer Overflow
- Integer Overflow Attack
- Internet Facing Bank Application
- Interop (.NET 1.1) Performance
- Invoking Untrusted Mobile Code
- J.D. Meier
- Keep unencrypted data close to the algorithm.
- Key Exchange Without Entity Authentication
- Knowledge Base
- LDAP Injection Attack
- Language Feature Misuse Vulnerabilities
- Large Software Development Shop Security Engineering Team
- Limit session lifetime.
- Log detailed error messages.
- Log key events.
- Logic Errors
- Logic Errors Vulnerabilities
- Login account configuration
- Logon auditing
- Main Page
- Maintain sensitive data on the server
- Maintain separate administration privileges.
- Make sure that users do not bypass your checks.
- Man in the Middle Attack
- Memory
- Memory Vulnerabilities
- Miscalculated Null Termination
- Missing Parameter
- Misuse of Language Features
- Mobile Application Design Checklist
- Network Eavesdropping Attack
- News and Highlights
- Non-cryptographic PRNG
- Not Allowing Password Aging
- Not Using a Random IV with CBC Mode
- Null Pointer Dereference
- One-click Attack
- Overlays
- Partition your Web site
- Passing Mutable Objects to an Untrusted Method
- Password Dictionary Attack
- Performance
- Performance At a Glance
- Performance Cheat Sheets
- Performance Checklists
- Performance Conceptual Framework
- Performance Explained
- Performance Guidelines
- Performance How Tos
- Performance Inspection Questions
- Performance Inspections
- Performance Methodologies
- Performance Modeling
- Performance Practices
- Performance Principles
- Performance Techniques
- Performance Testing
- Performance Testing Glossary
- Performance Testing Guidance for Web Applications
- Personas
- Personas at patterns & practices
- Personas at patterns and practices
- Place Web controls and user controls in separate assemblies
- Place resource access code in a separate assembly
- Portal:Security/box-footer
- Portal:Security/box-header
- Portal:Topic/box-footer
- Portal:Topic/box-header
- Prescriptive Guidance
- Presentation Layer Design Checklist
- Principles
- Project Management Scenario Frame
- Protect authentication cookies.
- Protect credentials and authentication tickets
- Protect log files.
- Protect sensitive data in storage
- Protect sensitive data over the wire
- Protect session state from unauthorized access.
- Protect the credentials for SQL authentication
- Protect view state with MACs
- Protect your administration interfaces.
- Protect your configuration store.
- Protect your encryption keys.
- Questions and Answers
- Race Condition in Checking for Certificate Revocation
- Race Condition in Signal Handler
- Race Condition in Switch
- Race Condition in Thread
- Race Condition in Time of Check, Time of Use
- Range
- Range Vulnerabilities
- Reflection Attack in an Authentication Protocol
- Remoting (.NET 1.1) Performance
- Remoting (.NET 1.1) Performance Guidelines - DataSets and Remoting
- Remoting (.NET 1.1) Security
- Reporting Scenario Frame
- Repudiation Attack
- Require authentication for sensitive pages
- Require strong passwords.
- Resources Index
- Response Splitting Attack
- Restrict the application in the database
- Restrict unauthorized callers
- Restrict unauthorized code
- Restrict user access to system-level resources.
- Retrieve sensitive data on demand.
- Return generic error pages to the client
- Returning Mutable Object to an Untrusted Method
- Reusing a Nonce, Key Pair in Encryption
- Rich Client Design Checklist
- Rich Internet Application (RIA) Design Checklist
- SQL Injection
- SQL Injection Attack
- Sanitize Input
- Scenario Frames
- Secure UDL files with restricted ACLs
- Secure restricted pages with SSL
- Secure sensitive data over the network
- Secure the authentication cookie
- Secure the session data
- Secure your connection strings
- Security
- Security3
- Security Application Scenarios
- Security At a Glances
- Security Case Studies
- Security Cheat Sheets
- Security Checklists
- Security Code Inspection
- Security Deployment Inspection
- Security Design Guidelines
- Security Design Inspection
- Security Design Patterns
- Security Design Principles - Auditing and Logging
- Security Design Principles - Authorization
- Security Design Principles - Cryptography
- Security Engineering Explained
- Security Engineering Explained - Chapter 1 - Security Engineering Approach
- Security Engineering Explained - Chapter 2 - Security Objectives
- Security Engineering Explained - Chapter 3 - Security Design Guidelines
- Security Engineering Explained - Chapter 4 - Threat Modeling
- Security Engineering Explained - Chapter 5 - Security Architecture and Design Review
- Security Engineering Explained - Chapter 6 - Security Code Review
- Security Engineering Explained - Chapter 7 - Security Deployment Review
- Security Engineering Explained - Introduction
- Security Engineering Ramp Up Training
- Security Explained
- Security Guidelines
- Security How Tos
- Security Implementation Patterns
- Security Inspection Questions
- Security Inspections
- Security Methodologies
- Security Objectives
- Security Patterns
- Security Practices