All articles

From Guidance Share

.NET 2.0 Performance Guidelines - Arrays | .NET 2.0 Performance Guidelines - Asynchronous | .NET 2.0 Performance Guidelines - Boxing and Unboxing
.NET 2.0 Performance Guidelines - Code Access Security | .NET 2.0 Performance Guidelines - Collections | .NET 2.0 Performance Guidelines - Exception Management
.NET 2.0 Performance Guidelines - Finalize and Dispose | .NET 2.0 Performance Guidelines - Garbage Collection | .NET 2.0 Performance Guidelines - Iterating and Looping
.NET 2.0 Performance Guidelines - Locking and Synchronization | .NET 2.0 Performance Guidelines - Ngen.exe | .NET 2.0 Performance Guidelines - Pinning
.NET 2.0 Performance Guidelines - Reflection and Late Binding | .NET 2.0 Performance Guidelines - String Operations | .NET 2.0 Performance Guidelines - Threading
.NET 2.0 Performance Guidelines - What's New in 2.0 | .NET 2.0 Security Guidelines - APTCA | .NET 2.0 Security Guidelines - Assembly Design Guidelines
.NET 2.0 Security Guidelines - Class Design Considerations | .NET 2.0 Security Guidelines - Exception Management | .NET 2.0 Security Guidelines - Strong Names
.NET Development Performance Practices at a Glance | .NET Framework 1.1 Performance | .NET Framework 1.1 Performance Checklist
.NET Framework 1.1 Performance Guidelines | .NET Framework 1.1 Performance Guidelines - Arrays | .NET Framework 1.1 Performance Guidelines - Asynchronous
.NET Framework 1.1 Performance Guidelines - Boxing and Unboxing | .NET Framework 1.1 Performance Guidelines - Class Design Considerations | .NET Framework 1.1 Performance Guidelines - Code Access Security
.NET Framework 1.1 Performance Guidelines - Collections | .NET Framework 1.1 Performance Guidelines - Exception Management | .NET Framework 1.1 Performance Guidelines - Finalize and Dispose
.NET Framework 1.1 Performance Guidelines - Garbage Collection | .NET Framework 1.1 Performance Guidelines - Iterating and Looping | .NET Framework 1.1 Performance Guidelines - Locking and Synchronization
.NET Framework 1.1 Performance Guidelines - Ngen.exe | .NET Framework 1.1 Performance Guidelines - Pinning | .NET Framework 1.1 Performance Guidelines - Reflection and Late Binding
.NET Framework 1.1 Performance Guidelines - String Operations | .NET Framework 1.1 Performance Guidelines - Threading | .NET Framework 1.1 Performance Guidelines - Working Set
.NET Framework 1.1 Security | .NET Framework 1.1 Security Checklist | .NET Framework 1.1 Security Guidelines
.NET Framework 1.1 Security Guidelines - Assembly Design Considerations | .NET Framework 1.1 Security Guidelines - Class Design Considerations | .NET Framework 1.1 Security Guidelines - Cryptography
.NET Framework 1.1 Security Guidelines - Delegates | .NET Framework 1.1 Security Guidelines - Exception Management | .NET Framework 1.1 Security Guidelines - File I/O
.NET Framework 1.1 Security Guidelines - Obfuscation | .NET Framework 1.1 Security Guidelines - Reflection | .NET Framework 1.1 Security Guidelines - Registry
.NET Framework 1.1 Security Guidelines - Serialization | .NET Framework 1.1 Security Guidelines - Strong Names | .NET Framework 1.1 Security Guidelines - Threading
.NET Framework 1.1 Security Guidelines - Unmanaged Code | .NET Framework 2.0 Performance | .NET Framework 2.0 Performance Checklist
.NET Framework 2.0 Performance Guidelines | .NET Framework 2.0 Performance Inspection Questions | .NET Framework 2.0 Performance Inspection Questions - Arrays
.NET Framework 2.0 Performance Inspection Questions - Asynchronous Processing | .NET Framework 2.0 Performance Inspection Questions - Class Design Considerations | .NET Framework 2.0 Performance Inspection Questions - Code Access Security
.NET Framework 2.0 Performance Inspection Questions - Collections | .NET Framework 2.0 Performance Inspection Questions - Common Performance Issues | .NET Framework 2.0 Performance Inspection Questions - Exception Handling
.NET Framework 2.0 Performance Inspection Questions - Locking and Synchronization | .NET Framework 2.0 Performance Inspection Questions - Looping and Recursion | .NET Framework 2.0 Performance Inspection Questions - Memory Management
.NET Framework 2.0 Performance Inspection Questions - Ngen.exe | .NET Framework 2.0 Performance Inspection Questions - Serialization | .NET Framework 2.0 Performance Inspection Questions - String Operations
.NET Framework 2.0 Performance Inspection Questions - Threading | .NET Framework 2.0 Performance Inspection Questions - Visual Basic Considerations | .NET Framework 2.0 Security
.NET Framework 2.0 Security Checklist | .NET Framework 2.0 Security Checklists | .NET Framework 2.0 Security Guidelines
.NET Framework 2.0 Security Guidelines - Communication Security | .NET Framework 2.0 Security Guidelines - Cryptography | .NET Framework 2.0 Security Guidelines - Data Access
.NET Framework 2.0 Security Guidelines - Delegates | .NET Framework 2.0 Security Guidelines - Event Log | .NET Framework 2.0 Security Guidelines - File I/O
.NET Framework 2.0 Security Guidelines - Obfuscation | .NET Framework 2.0 Security Guidelines - Reflection | .NET Framework 2.0 Security Guidelines - Registry
.NET Framework 2.0 Security Guidelines - Sensitive Data | .NET Framework 2.0 Security Guidelines - Serialization | .NET Framework 2.0 Security Guidelines - Threading
.NET Framework 2.0 Security Guidelines - Unmanaged Code | .NET Framework 2.0 Security Inspection Questions | .NET Framework 2.0 Security Inspection Questions - Auditing and Logging
.NET Framework 2.0 Security Inspection Questions - Code Access Security | .NET Framework 2.0 Security Inspection Questions - Cross-Site Scripting | .NET Framework 2.0 Security Inspection Questions - Cryptography
.NET Framework 2.0 Security Inspection Questions - Exception Management | .NET Framework 2.0 Security Inspection Questions - Impersonation | .NET Framework 2.0 Security Inspection Questions - Input and Data Validation
.NET Framework 2.0 Security Inspection Questions - Multi-Threading | .NET Framework 2.0 Security Inspection Questions - Potentially Dangerous Unmanaged APIs | .NET Framework 2.0 Security Inspection Questions - SQL Injection
.NET Framework 2.0 Security Inspection Questions - Sensitive Data | .NET Framework 2.0 Security Inspection Questions - Unsafe Code | .NET Framework 2.0 Security Inspection Questions - What's New in 2.0
ADO.NET 1.1 Performance | ADO.NET 1.1 Performance Checklist | ADO.NET 1.1 Performance Guidelines
ADO.NET 1.1 Performance Guidelines - Binary Large Objects | ADO.NET 1.1 Performance Guidelines - Commands | ADO.NET 1.1 Performance Guidelines - Connections
ADO.NET 1.1 Performance Guidelines - DataReader | ADO.NET 1.1 Performance Guidelines - DataSet | ADO.NET 1.1 Performance Guidelines - Design Considerations
ADO.NET 1.1 Performance Guidelines - Exception Management | ADO.NET 1.1 Performance Guidelines - Parameters | ADO.NET 1.1 Performance Guidelines - Stored Procedures
ADO.NET 1.1 Performance Guidelines - Transactions | ADO.NET 1.1 Performance Guidelines - XML and DataSet Objects | ADO.NET 1.1 Security
ADO.NET 1.1 Security Checklist | ADO.NET 1.1 Security Guidelines | ADO.NET 1.1 Security Guidelines - Authentication
ADO.NET 1.1 Security Guidelines - Authorization | ADO.NET 1.1 Security Guidelines - Configuration Management | ADO.NET 1.1 Security Guidelines - Deployment Considerations
ADO.NET 1.1 Security Guidelines - Design Considerations | ADO.NET 1.1 Security Guidelines - Exception Management | ADO.NET 1.1 Security Guidelines - Input Validation
ADO.NET 1.1 Security Guidelines - Sensitive Data | ADO.NET 2.0 Performance | ADO.NET 2.0 Performance Checklist
ADO.NET 2.0 Performance Guidelines | ADO.NET 2.0 Performance Guidelines - Binary Large Objects | ADO.NET 2.0 Performance Guidelines - Commands
ADO.NET 2.0 Performance Guidelines - Connections | ADO.NET 2.0 Performance Guidelines - DataReader | ADO.NET 2.0 Performance Guidelines - DataSet
ADO.NET 2.0 Performance Guidelines - Design Considerations | ADO.NET 2.0 Performance Guidelines - Exception Management | ADO.NET 2.0 Performance Guidelines - New in 2.0
ADO.NET 2.0 Performance Guidelines - Parameters | ADO.NET 2.0 Performance Guidelines - Stored Procedures | ADO.NET 2.0 Performance Guidelines - Transactions
ADO.NET 2.0 Performance Guidelines - XML and DataSet Objects | ADO.NET 2.0 Security | ADO.NET 2.0 Security Checklists
ADO.NET 2.0 Security Guidelines | ADO.NET 2.0 Security Guidelines - Authentication | ADO.NET 2.0 Security Guidelines - Authorization
ADO.NET 2.0 Security Guidelines - Code Access Security Considerations | ADO.NET 2.0 Security Guidelines - Configuration and Connection Strings | ADO.NET 2.0 Security Guidelines - Deployment Considerations
ADO.NET 2.0 Security Guidelines - Exception Management | ADO.NET 2.0 Security Guidelines - Input / Data Validation | ADO.NET 2.0 Security Guidelines - SQL Injection
ADO.NET 2.0 Security Guidelines - Sensitive Data | ASP.NET 1.1 - Enterprise Services to SQL Server | ASP.NET 1.1 - Extranet Exposing a Web Application
ASP.NET 1.1 - Extranet Exposing a Web Service | ASP.NET 1.1 - Internet Web to SQL Server | ASP.NET 1.1 - Intranet Web to Database
ASP.NET 1.1 - Remote Enterprise Services to SQL Server | ASP.NET 1.1 - Web Services to SQL Server | ASP.NET 1.1 Performance
ASP.NET 1.1 Performance Checklist | ASP.NET 1.1 Performance Guidelines | ASP.NET 1.1 Performance Guidelines - Application State
ASP.NET 1.1 Performance Guidelines - COM Interop | ASP.NET 1.1 Performance Guidelines - Caching | ASP.NET 1.1 Performance Guidelines - Data Access
ASP.NET 1.1 Performance Guidelines - Data Binding | ASP.NET 1.1 Performance Guidelines - Design Considerations | ASP.NET 1.1 Performance Guidelines - Exception Management
ASP.NET 1.1 Performance Guidelines - HTTP Modules | ASP.NET 1.1 Performance Guidelines - Pages | ASP.NET 1.1 Performance Guidelines - Resource Management
ASP.NET 1.1 Security | ASP.NET 1.1 Security Application Scenarios | ASP.NET 1.1 Security Checklist
ASP.NET 1.1 Security Guidelines | ASP.NET 1.1 Security Guidelines - Auditing and Logging | ASP.NET 1.1 Security Guidelines - Authentication
ASP.NET 1.1 Security Guidelines - Authorization | ASP.NET 1.1 Security Guidelines - Cross-Site Scripting | ASP.NET 1.1 Security Guidelines - Design Considerations
ASP.NET 1.1 Security Guidelines - Exception Management | ASP.NET 1.1 Security Guidelines - Impersonation | ASP.NET 1.1 Security Guidelines - Input Validation
ASP.NET 1.1 Security Guidelines - Parameter Manipulation | ASP.NET 1.1 Security Guidelines - Sensitive Data | ASP.NET 1.1 Security Guidelines - Session Management
ASP.NET 1.1 Security Whiteboard Solutions | ASP.NET 2.0 Code Examples | ASP.NET 2.0 Internet - Forms Authentication to SQL, Roles in SQL
ASP.NET 2.0 Intranet - Forms Authentication to AD, Roles in AD | ASP.NET 2.0 Intranet - Windows Auth to AD Groups | ASP.NET 2.0 Intranet - Windows Authentication, Roles in AD
ASP.NET 2.0 Intranet - Windows Authentication, SQL Roles | ASP.NET 2.0 Performance | ASP.NET 2.0 Performance Checklist
ASP.NET 2.0 Performance Guidelines | ASP.NET 2.0 Performance Guidelines - Application State | ASP.NET 2.0 Performance Guidelines - COM Interop
ASP.NET 2.0 Performance Guidelines - Caching | ASP.NET 2.0 Performance Guidelines - Data Access | ASP.NET 2.0 Performance Guidelines - Data Binding
ASP.NET 2.0 Performance Guidelines - Deployment Considerations | ASP.NET 2.0 Performance Guidelines - Design Considerations | ASP.NET 2.0 Performance Guidelines - Exception Management
ASP.NET 2.0 Performance Guidelines - HTTP Modules | ASP.NET 2.0 Performance Guidelines - Pages | ASP.NET 2.0 Performance Guidelines - Resource Management
ASP.NET 2.0 Performance Guidelines - Security Considerations | ASP.NET 2.0 Performance Guidelines - Server Controls | ASP.NET 2.0 Performance Guidelines - Session State
ASP.NET 2.0 Performance Guidelines - State Management | ASP.NET 2.0 Performance Guidelines - String Management | ASP.NET 2.0 Performance Guidelines - Threading
ASP.NET 2.0 Performance Guidelines - View State | ASP.NET 2.0 Performance Inspection Questions | ASP.NET 2.0 Performance Inspection Questions - Application State
ASP.NET 2.0 Performance Inspection Questions - Caching | ASP.NET 2.0 Performance Inspection Questions - Data Access | ASP.NET 2.0 Performance Inspection Questions - Data Binding
ASP.NET 2.0 Performance Inspection Questions - Exception Management | ASP.NET 2.0 Performance Inspection Questions - Machine.config | ASP.NET 2.0 Performance Inspection Questions - Pages
ASP.NET 2.0 Performance Inspection Questions - Resource Management | ASP.NET 2.0 Performance Inspection Questions - Server Controls | ASP.NET 2.0 Performance Inspection Questions - Session State
ASP.NET 2.0 Performance Inspection Questions - String Management | ASP.NET 2.0 Performance Inspection Questions - Threading | ASP.NET 2.0 Performance Inspection Questions - Unmanaged Code
ASP.NET 2.0 Performance Inspection Questions - View State | ASP.NET 2.0 Security | ASP.NET 2.0 Security Application Scenarios
ASP.NET 2.0 Security Checklists | ASP.NET 2.0 Security FAQs | ASP.NET 2.0 Security Guidelines
ASP.NET 2.0 Security Guidelines - Auditing and Logging | ASP.NET 2.0 Security Guidelines - Authorization | ASP.NET 2.0 Security Guidelines - Code Access Security
ASP.NET 2.0 Security Guidelines - Communication Security | ASP.NET 2.0 Security Guidelines - Data Access | ASP.NET 2.0 Security Guidelines - Deployment Considerations
ASP.NET 2.0 Security Guidelines - Exception Management | ASP.NET 2.0 Security Guidelines - Forms Authentication | ASP.NET 2.0 Security Guidelines - Impersonation/Delegation
ASP.NET 2.0 Security Guidelines - Input/Data Validation | ASP.NET 2.0 Security Guidelines - Parameter Manipulation | ASP.NET 2.0 Security Guidelines - Sensitive Data
ASP.NET 2.0 Security Guidelines - Session Management | ASP.NET 2.0 Security Guidelines - Windows Authentication | ASP.NET 2.0 Security Inspection Questions
ASP.NET 2.0 Security Inspection Questions - Auditing and Logging | ASP.NET 2.0 Security Inspection Questions - Authorization | ASP.NET 2.0 Security Inspection Questions - Code Access Security
ASP.NET 2.0 Security Inspection Questions - Cross-Site Scripting | ASP.NET 2.0 Security Inspection Questions - Cryptography | ASP.NET 2.0 Security Inspection Questions - Data Access
ASP.NET 2.0 Security Inspection Questions - Exception Management | ASP.NET 2.0 Security Inspection Questions - Forms Authentication | ASP.NET 2.0 Security Inspection Questions - Impersonation
ASP.NET 2.0 Security Inspection Questions - Input and Data Validation | ASP.NET 2.0 Security Inspection Questions - Potentially Dangerous Unmanaged APIs | ASP.NET 2.0 Security Inspection Questions - SQL Injection
ASP.NET 2.0 Security Inspection Questions - Sensitive Data | ASP.NET 2.0 Security Inspection Questions - Unsafe Code | ASP.NET 2.0 Security Inspection Questions - What's New in 2.0
ASP.NET 2.0 Security Practices | ASP.NET 2.0 Security Practices - Auditing and Logging | ASP.NET 2.0 Security Practices - Authentication
ASP.NET 2.0 Security Practices - Authorization | ASP.NET 2.0 Security Practices - Code Access Security | ASP.NET 2.0 Security Practices - Configuration
ASP.NET 2.0 Security Practices - Data Access | ASP.NET 2.0 Security Practices - Exception Management | ASP.NET 2.0 Security Practices - Impersonation and Delegation
ASP.NET 2.0 Security Practices - Input and Data Validation | ASP.NET 2.0 Security Practices - Secure Communication | ASP.NET 2.0 Security Practices - Sensitive Data
ASP.NET 2.0 Security Practices - What's New in 2.0 | ASP.NET 2.0 Security Questions and Answers | ASP.NET 2.0 Security Questions and Answers - Authentication
ASP.NET 2.0 Security Questions and Answers - Configuration | ASP.NET 2.0 Security Questions and Answers - Impersonation / Delegation | ASP.NET 2.0 Security Questions and Answers - Others
ASP.NET 2.0 Security Whiteboard Solutions | ASP.NET Security Inspection Questions - Authentication | About
About This Site | Actors, Personas, and Roles | Agile Architecture Method
Agile Architecture Method Explained | Agile Architecture Method Explained - Chapter 1 - Agile Architecture Method | Agile Architecture Method Explained - Chapter 2 - Step 1: Identify Architecture Objectives
Agile Architecture Method Explained - Chapter 3 - Step 2: Identify Key Scenarios | Agile Architecture Method Explained - Chapter 4 - Step 3: Application Overview | Agile Architecture Method Explained - Chapter 5 - Step 4: Key Hot Spots
Agile Architecture Method Explained - Chapter 6 - Step 5: Candidate Solutions | Agile Architecture Method Explained - Chapter 7 - Reviewing Your Architecture | Agile Architecture Method Explained - Chapter 8 - Communicating Your Architecture
Agile Architecture Method Explained - Introduction | Application Architecture Guide | Application Architecture Guide - Architecture and Design Solutions At a Glance
Application Architecture Guide - Chapter 10 - Presentation Layer Guidelines | Application Architecture Guide - Chapter 11 - Business Layer Guidelines | Application Architecture Guide - Chapter 12 - Data Access Layer Guidelines
Application Architecture Guide - Chapter 13 - Service Layer Guidelines | Application Architecture Guide - Chapter 14 - Application Archetypes | Application Architecture Guide - Chapter 15 - Web Applications
Application Architecture Guide - Chapter 16 - Rich Internet Applications (RIA) | Application Architecture Guide - Chapter 17 - Rich Client Applications | Application Architecture Guide - Chapter 18 - Services
Application Architecture Guide - Chapter 19 - Mobile Applications | Application Architecture Guide - Chapter 1 - Fundamentals of Application Architecture | Application Architecture Guide - Chapter 20 - Office Business Applications (OBA)
Application Architecture Guide - Chapter 21 - SharePoint Line-Of-Business (LOB) Applications | Application Architecture Guide - Chapter 2 - .NET Platform Overview | Application Architecture Guide - Chapter 3 - Architecture and Design Guidelines
Application Architecture Guide - Chapter 4 - Designing Your Architectures | Application Architecture Guide - Chapter 5 - Deployment Patterns | Application Architecture Guide - Chapter 6 - Architectural Styles
Application Architecture Guide - Chapter 7 - Quality Attributes | Application Architecture Guide - Chapter 8 - Communication Guidelines | Application Architecture Guide - Chapter 9 - Layers and Tiers
Application Architecture Guide - Cheat Sheet - Data Access Technology Matrix | Application Architecture Guide - Cheat Sheet - Integration Technology Matrix | Application Architecture Guide - Cheat Sheet - Presentation Technology Matrix
Application Architecture Guide - Cheat Sheet - Workflow Technology Matrix | Application Architecture Guide - Cheat Sheet - patterns | Application Architecture Guide - Cheat Sheet - patterns & practices Pattern Catalog
Application Architecture Guide - Fast Track | Application Architecture Guide - Foreword by S. Somasegar | Application Architecture Guide - Foreword by Scott Guthrie
Application Architecture Guided - Introduction | Application Performance Methodology | Application Vulnerability Categories
Architecture | Architecture Frame | Architecture and Design Checklist
Assume all input is malicious. | At a Glance: Performance Modeling | At a Glance: Security Engineering
At a Glance: Security Inspections | At a Glance: Threat Modeling | Attack Pattern Template
Attack Patterns | Attack Template | Attacks
Audit and log access across application tiers. | Auditing and Logging | Auditing and Logging Vulnerabilities
Authentication | Authentication, Authorization and Trust | Authentication, Authorization and Trust Vulnerabilities
Authentication Vulnerabilities | Authorization | Authorization Vulnerabilities
Avoid plain text passwords in configuration files | Avoid storing secrets in the Local Security Authority (LSA). | Avoid storing sensitive data in view state
Back up and analyze log files regularly. | Be able to disable accounts. | Be careful with canonicalization issues.
Buffer Overflow | Buffer Overflow Attack | Buffer Overflow Attack Pattern
Buffer Overflow Vulnerability Pattern | Buffer Underwrite | Build Scenario Frame
Business Layer Design Checklist | Can impersonation be used with Forms authentication? | Canonicalization Attack
Capture-Replay | Case Studies | Catch exceptions.
Centralize your approach. | Chapter 10 – Quantifying End-User Response Time Goals | Chapter 11 – Consolidating Various Types of Performance Acceptance Criteria
Chapter 12 – Modeling Application Usage | Chapter 13 – Determining Individual User Data and Variances | Chapter 14 – Test Execution
Chapter 15 – Key Mathematic Principles for Performance Testers | Chapter 16 – Performance Test Reporting Fundamentals | Chapter 17 – Load-Testing Web Applications
Chapter 18 – Stress-Testing Web Applications | Chapter 1 – Fundamentals of Web Application Performance Testing | Chapter 2 – Types of Performance Testing
Chapter 3 – Risks Addressed Through Performance Testing | Chapter 4 – Web Application Performance Testing Core Activities | Chapter 5 – Coordinating Performance Testing with an Iteration-Based Process
Chapter 6 – Managing an Agile Performance Test Cycle | Chapter 7 – Managing the Performance Test Cycle in a Regulated (CMMI) Environment | Chapter 8 – Evaluating Systems to Increase Performance-Testing Effectiveness
Chapter 9 – Determining Performance Testing Objectives | Cheat Sheet: .NET Framework 2.0 Security Inspection Questions | Cheat Sheet: ASP.NET 2.0 Security Inspection Questions
Cheat Sheet: Performance Modeling Web Applications | Cheat Sheet: Potentially Dangerous Unmanaged APIs | Cheat Sheet: Security Engineering
Cheat Sheet: Threat Modeling Terms | Cheat Sheet: Threat Modeling Web Applications | Cheat Sheet: Web Application Performance Frame
Cheat Sheet: Web Application Security Frame | Checklist Item Template | Chosen Plaintext Attack
Client Side Validation | Client Side Validation Vulnerabilities | Code Access Security (.NET 1.1) Security
Code Access Security (.NET 1.1) Security Checklist | Code Example Template | Code Examples
Code Vulnerability Categories | Command Injection | Communication Design Checklist
Communications Security | Communications Security Vulnerabilities | Comparing Classes by Name
Configuration Management | Configuration Management Vulnerabilities | Connect using a least privileged account
Connection string management | Consider authorization granularity | Consider authorization granularity.
Consider identity flow. | Consider the identity that is used for resource access | Constrain, Then Sanitize
Constrain, reject, and sanitize your input. | Constrain input | Core Security Principles
Countermeasures | Covert Storage Channel | Covert Timing Channel
Create application specific event source | Credentials Brute Force Attack | Cross-site Scripting
Cross Site Scripting Attack | Cryptography | Cryptography Vulnerabilities
Cryptography and Secrets | Cryptography and Secrets Vulnerabilities | Data Layer Design Checklist
Data privacy and integrity on the network | Deletion of Data-structure Sentinel | Denial of Service Attack
Deserialization of Untrusted Data | Do I need to create a unique user account for each application pool? | Do not cache sensitive data
Do not develop your own cryptography. | Do not leak information to the client. | Do not mix session tokens and authentication tokens
Do not pass sensitive data from page to page | Do not pass sensitive data using the HTTP-GET protocol. | Do not rely on client-side state management options
Do not rely on client-side validation. | Do not send passwords over the wire in plaintext. | Do not store database connections, passwords, or keys in plaintext.
Do not store passwords in user stores. | Do not store secrets if you can avoid it. | Do not store secrets in code.
Do not store sensitive data in persistent cookies. | Do not trust HTTP header information. | Does the code centralize its approach?
Does the code use protection="All" | Does the code use the right algorithm with an adequate key size? | Doubly Freeing Memory
Encode Output | Encrypt sensitive cookie state. | Encrypt sensitive data if you need to store it
Encrypt the contents of the authentication cookies. | Encrypt the data or secure the communication channel. | Engineering Practices
Engineering Practices Frame | Engineering Practices Overview | Engineering Practices Project
Ensure database connections are always closed | Enterprise Services (.NET 1.1) Performance | Enterprise Services (.NET 1.1) Performance Checklist
Enterprise Services (.NET 1.1) Performance Guidelines | Enterprise Services (.NET 1.1) Performance Guidelines - Design Considerations | Enterprise Services (.NET 1.1) Performance Guidelines - Loosely Coupled Events
Enterprise Services (.NET 1.1) Performance Guidelines - Object Pooling | Enterprise Services (.NET 1.1) Performance Guidelines - Queued Components | Enterprise Services (.NET 1.1) Performance Guidelines - Resource Management
Enterprise Services (.NET 1.1) Performance Guidelines - Security | Enterprise Services (.NET 1.1) Performance Guidelines - State Management | Enterprise Services (.NET 1.1) Performance Guidelines - Threading
Enterprise Services (.NET 1.1) Performance Guidelines - Transactions | Enterprise Services (.NET 1.1) Security | Enterprise Services (.NET 1.1) Security Checklist
Exception Gatekeeper | Exception Management | Exception Management Vulnerabilities
Explained: ASP.NET Formula for Reducing Contention | Explained: Asynchronous Calls Explained | Explained: Collections Explained
Explained: DataSet vs. DataReader | Explained: Forms Authentication in ASP.NET 2.0 | Explained: Locking and Synchronization Explained
Explained: Ngen.exe Explained | Explained: Remoting Architecture | Explained: Remoting Leases
Explained: SQL Server Scale Up vs. Scale Out | Explained: Server GC vs. Workstation GC | Explained: Web Services, Enterprise Services and Remoting
Explained: Web Services (ASMX 1.1) Architecture | Explained: Windows Authentication in ASP.NET 2.0 | FAQs
Fail securely | Failure of TRNG | Failure to Add Integrity Check Value
Failure to Check Integrity Check Value | Failure to Check Whether Privileges Were Dropped | Failure to Check for Certificate Revocation
Failure to Drop Privileges When Reasonable | Failure to Encrypt Data | Failure to Follow Chain of Trust in Certificate Validation
Failure to Protect Class Data with Accessors | Failure to Validate Certificate Expiration | Failure to Validate Host-Specific Certificate Data
Feedback | Firewall restrictions | Focus Centers
Forceful Browsing Attack | Foreword By Alberto Savoia | Foreword By Rico Mariani
Format String | Format String Attack | Glossary
Guidance | Guidance Engineering | Guidance Overview
Guideline Item Template | HTTP Replay Attack | Heap Overflow
Home Page 10 | Home Page 11 | Home Page 12
Home Page 13 | Home Page 14 | Home Page 15
Home Page 16 | Home Page 17 | Home Page 18
Home Page 19 | Home Page 2 | Home Page 20
Home Page 21 | Home Page 22 | Home Page 23
Home Page 24 | Home Page 25 | Home Page 26
Home Page 3 | Home Page 4 | Home Page 5
Home Page 6 | Home Page 7 | Home Page 8
Home Page 9 | Home Page Archive 1 | How To: Create a Performance Model for a Web Application
How To: Create a Threat Model for a Web Application at Design Time | How To: Delay Sign an Assembly in .NET 2.0 | How To: Perform a Security Code Inspection for Managed Code (Baseline Technique)
How To: Perform a Security Code Review Review for Managed Code (Baseline Technique) | How To: Perform a Security Deployment Review for ASP.NET 2.0 | How To: Perform a Security Design Inspection for Web Applications
How To: Use SecureString in .NET 2.0 | How To Delay Sign an Assembly in .NET 2.0 | How To Handle Special Characters With Dynamic SQL
How To Identify Buffer Overflow Vulnerabilities | How To Identify Buffer Underwrite Vulnerabilities | How To Identify Cross Site Scripting Vulnerabilities
How To Identify Heap Overflow Vulnerabilities | How To Identify Improper String Length Checking Vulnerabilities | How To Identify Integer Overflow Vulnerabilities
How To Identify Miscalculated Null Termination Vulnerabilities | How To Identify SQL Injection Vulnerabilities | How To Identify Stack Overflow Vulnerabilities
How To Improve Serialization Performance | How To Optimize SQL Indexes | How To Optimize SQL Queries
How To Page Records in .NET Applications | How To Perform a Security Deployment Inspection for ASP.NET 2.0 | How To Protect from Buffer Underwrites
How To Protect from Heap Overflows | How To Protect from Improper String Length Checking | How To Protect from Injection Attacks in ASP.NET 2.0
How To Protect from Integer Overflow | How To Protect from Miscalculated Null Termination | How To Protect from Stack Overflows
How To Protect from Unchecked Array Indexing | How To Recognize Buffer Overflow Vulnerabilities | How To Recognize Buffer Underwrite Vulnerabilities
How To Recognize Cross Site Scripting Vulnerabilities | How To Recognize Improper String Length Checking Vulnerabilities | How To Recognize Integer Overflow Vulnerabilities
How To Recognize Miscalculated Null Termination Vulnerabilities | How To Recognize SQL Injection Vulnerabilities | How To Recognize Stack Overflow Vulnerabilities
How To Submit and Poll for Long-Running Tasks | How To Template | How To Test For Buffer Overflow Vulnerabilities
How To Time Managed Code Using QueryPerformanceCounter and QueryPerformanceFrequency | How To Use EIF | How To Use SQL Profiler
How To Use SecureString in .NET 2.0 | How can I retain impersonation in the new thread created from ASP.NET application? | How do I Sign .Net assemblies with Authenticode signature?
How do I cache roles in ASP.NET 2.0? | How do I configure account lockout using membership feature in ASP.Net 2.0? | How do I create a custom trust level for ASP.NET?
How do I create a service account for running my ASP.NET applications? | How do I decide my Authentication strategy in ASP.NET? | How do I delay sign an ASP.NET application assembly?
How do I enable Forms Authentication to work with multiple Active Directory domains? | How do I enable my ASP.NET application to write to new event source? | How do I encrypt sensitive data in machine.config or web.config file?
How do I enforce strong passwords using membership feature in ASP.NET 2.0 | How do I flow the original user identity to different layers? | How do I handle exceptions securely?
How do I impersonate a specific (fixed) identity? | How do I impersonate the original caller? | How do I implement single sign on using forms authentication?
How do I instrument my application for security? | How do I lock authorization settings? | How do I lock configuration settings?
How do I pre-compile my ASP.NET application? | How do I prevent detailed errors from returning to the client? | How do I protect Forms Authentication?
How do I protect audit and log files? | How do I protect authorization cookie when using role caching in ASP.NET 2.0? | How do I protect my web application's ViewState?
How do I protect passwords? | How do I protect passwords in user store? | How do I protect sensitive data in configuration files?
How do I protect sensitive data in memory? | How do I protect sensitive data in the database? | How do I protect the database connection strings in web.config file?
How do I run an ASP.NET application with a particular identity? | How do I secure Session State information? | How do I set up a SQL Server or SQL Express database for Membership, Profiles and Role Management?
How do I setup a global exception handler for my application? | How do I strong-name an ASP.NET application assembly? | How do I strong name an ASP.NET application?
How do I temporarily impersonate the original caller? | How do I use File Authorization in ASP.NET 2.0? | How do I use Forms Authentication with Active Directory?
How do I use Forms Authentication with SQL Server database? | How do I use RoleManager in my application? | How do I use Role Authorization in ASP.NET 2.0?
How do I use SQL authentication for connecting to SQL server? | How do I use URL Authorization in ASP.NET 2.0? | How do I use Windows Groups for role authorization in ASP.NET 2.0?
How do I use code access security with ASP.NET? | How do I use my custom role store for roles authorization? | How do I use my custom user / identity store with forms authentication?
How do I use programmatic impersonation? | How do I use structured exception handling? | How do I use the Health monitoring feature in ASP.NET 2.0?
How do I use windows authentication for connecting to SQL server? | How do I validate input in HTML controls, QueryString, cookies, and HTTP headers? | How do I validate input in server-side controls?
How do I write partial trust applications? | How is the AuthorizationStoreRoleProvider different from Authorization Manager APIs? | How should I prevent someone from disassembling code?
How to Handle Special Characters with Dynamic SQL | IIS 5/5.1 Security Checklist | Ignored Function Return Value
Impersonate original caller only when required | Impersonation Delegation | Implement page-level or application-level error handlers
Improper Pointer Subtraction | Improper String Length Checking | Info Disclosure Through Data Queries
Info Disclosure Through Error Messages | Input Validation | Input Validation Vulnerabilities
Input and Data Validation | Input and Data Validation Vulnerabilities | Inspection Center
Install URLScan on your Web server | Insufficient Entropy in PRNG | Integer Overflow
Integer Overflow Attack | Integer Overflow Vulnerability Pattern | Internet Facing Bank Application
Interop (.NET 1.1) Performance | Interop (.NET 1.1) Performance Checklist | Interop (.NET 1.1) Performance Guidelines
Interop (.NET 1.1) Performance Guidelines - Code Access Security (CAS) | Interop (.NET 1.1) Performance Guidelines - Design Considerations | Interop (.NET 1.1) Performance Guidelines - Marshal.ReleaseComObject
Interop (.NET 1.1) Performance Guidelines - Marshaling | Interop (.NET 1.1) Performance Guidelines - Threading | Invoking Untrusted Mobile Code
J.D. Meier | Keep unencrypted data close to the algorithm. | Key Exchange Without Entity Authentication
Knowledge Base | LDAP Injection Attack | Language Feature Misuse Vulnerabilities
Large Software Development Shop Security Engineering Team | Limit session lifetime. | Log detailed error messages.
Log key events. | Logic Errors | Logic Errors Vulnerabilities
Login account configuration | Logon auditing | Main Page
Maintain sensitive data on the server | Maintain separate administration privileges. | Make sure that users do not bypass your checks.
Man in the Middle Attack | Memory | Memory Vulnerabilities
Miscalculated Null Termination | Missing Parameter | Misuse of Language Features
Mobile Application Design Checklist | Network Eavesdropping Attack | Network Security Checklist
News and Highlights | Non-cryptographic PRNG | Not Allowing Password Aging
Not Using a Random IV with CBC Mode | Null Pointer Dereference | One-click Attack
Overlays | Partition your Web site | Passing Mutable Objects to an Untrusted Method
Password Dictionary Attack | Performance | Performance At a Glance
Performance Cheat Sheets | Performance Checklists | Performance Conceptual Framework
Performance Design Principles | Performance Design Principles - Browser Client Considerations | Performance Design Principles - Business Layer Considerations
Performance Design Principles - CachingPerformance Design Principles - CommunicationPerformance Design Principles - Concurrency
Performance Design Principles - Coupling and CohesionPerformance Design Principles - Data Access Layer ConsiderationsPerformance Design Principles - Data Structures and Algorithms
Performance Design Principles - DeploymentPerformance Design Principles - DesignPerformance Design Principles - Desktop Application Considerations
Performance Design Principles - Resource ManagementPerformance Design Principles - State ManagementPerformance Design Principles - Web Layer Considerations
Performance Design Process PrinciplesPerformance EngineeringPerformance Explained
Performance GlossaryPerformance GuidelinesPerformance How Tos
Performance Inspection QuestionsPerformance InspectionsPerformance Methodologies
Performance ModelingPerformance PracticesPerformance Principles
Performance TechniquesPerformance TestingPerformance Testing Glossary
Performance Testing Guidance for Web ApplicationsPersonasPersonas at patterns & practices
Personas at patterns and practicesPlace Web controls and user controls in separate assembliesPlace resource access code in a separate assembly
Portal:SecurityPortal:Security/box-footerPortal:Security/box-header
Portal:TopicPortal:Topic/box-footerPortal:Topic/box-header
Prescriptive GuidancePresentation Layer Design ChecklistPrinciples
Project Management Scenario FrameProtect authentication cookies.Protect credentials and authentication tickets
Protect log files.Protect sensitive data in storageProtect sensitive data over the wire
Protect session state from unauthorized access.Protect the credentials for SQL authenticationProtect view state with MACs
Protect your administration interfaces.Protect your configuration store.Protect your encryption keys.
Questions and AnswersRace Condition in Checking for Certificate RevocationRace Condition in Signal Handler
Race Condition in SwitchRace Condition in ThreadRace Condition in Time of Check, Time of Use
RangeRange VulnerabilitiesReflection Attack in an Authentication Protocol
Remoting (.NET 1.1) PerformanceRemoting (.NET 1.1) Performance ChecklistRemoting (.NET 1.1) Performance Guidelines
Remoting (.NET 1.1) Performance Guidelines - ActivationRemoting (.NET 1.1) Performance Guidelines - ChannelsRemoting (.NET 1.1) Performance Guidelines - DataSets and Remoting
Remoting (.NET 1.1) Performance Guidelines - Design ConsiderationsRemoting (.NET 1.1) Performance Guidelines - FormattersRemoting (.NET 1.1) Performance Guidelines - Hosts
Remoting (.NET 1.1) Performance Guidelines - Lifetime ConsiderationsRemoting (.NET 1.1) Performance Guidelines - MarshalByRef vs. MarshalByValueRemoting (.NET 1.1) Performance Guidelines - Serialization and Marshaling
Remoting (.NET 1.1) SecurityRemoting (.NET 1.1) Security ChecklistReporting Scenario Frame
Repudiation AttackRequire authentication for sensitive pagesRequire strong passwords.
Resources IndexResponse Splitting AttackRestrict the application in the database
Restrict unauthorized callersRestrict unauthorized codeRestrict user access to system-level resources.
Retrieve sensitive data on demand.Return generic error pages to the clientReturning Mutable Object to an Untrusted Method
Reusing a Nonce, Key Pair in EncryptionRich Client Design ChecklistRich Internet Application (RIA) Design Checklist
SQL InjectionSQL Injection AttackSQL Injection Attack Pattern
SQL Injection Vulnerability PatternSQL Server 2000 Performance ChecklistSQL Server 2000 Performance Guidelines
SQL Server 2000 Performance Guidelines - Deployment ConsiderationsSQL Server 2000 Performance Guidelines - Execution Plan RecompilesSQL Server 2000 Performance Guidelines - Execution Plans
SQL Server 2000 Performance Guidelines - IndexesSQL Server 2000 Performance Guidelines - MonitoringSQL Server 2000 Performance Guidelines - Queries
SQL Server 2000 Performance Guidelines - SQL XMLSQL Server 2000 Performance Guidelines - SchemaSQL Server 2000 Performance Guidelines - Stored Procedures
SQL Server 2000 Performance Guidelines - TestingSQL Server 2000 Performance Guidelines - TransactionsSQL Server 2000 Performance Guidelines - Tuning
Sanitize InputScenario FramesSecure UDL files with restricted ACLs
Secure restricted pages with SSLSecure sensitive data over the networkSecure the authentication cookie
Secure the session dataSecure your connection stringsSecurity
Security3Security Application ScenariosSecurity At a Glances
Security Case StudiesSecurity Cheat SheetsSecurity Checklists
Security Code InspectionSecurity Deployment InspectionSecurity Design Guidelines
Security Design InspectionSecurity Design PatternsSecurity Design Principles
Security Design Principles - Auditing and LoggingSecurity Design Principles - AuthenticationSecurity Design Principles - Authorization
Security Design Principles - Configuration ManagementSecurity Design Principles - CryptographySecurity Design Principles - Exception Management
Security Design Principles - Input/Data ValidationSecurity Design Principles - Sensitive DataSecurity Design Principles - Session Management
Security EngineeringSecurity Engineering ExplainedSecurity Engineering Explained - Chapter 1 - Security Engineering Approach
Security Engineering Explained - Chapter 2 - Security ObjectivesSecurity Engineering Explained - Chapter 3 - Security Design GuidelinesSecurity Engineering Explained - Chapter 4 - Threat Modeling
Security Engineering Explained - Chapter 5 - Security Architecture and Design ReviewSecurity Engineering Explained - Chapter 6 - Security Code ReviewSecurity Engineering Explained - Chapter 7 - Security Deployment Review
Security Engineering Explained - IntroductionSecurity Engineering Ramp Up TrainingSecurity Explained
Security GlossarySecurity GuidelinesSecurity How Tos
Security Implementation PatternsSecurity Inspection QuestionsSecurity Inspections
Security MethodologiesSecurity ObjectivesSecurity Patterns
Security PracticesSecurity PrinciplesSecurity Questions and Answers
Security Tech CentersSecurity TechniquesSecurity Templates
Security WalkthroughsSensitive DataSensitive Data Vulnerabilities
Separate public and restricted areas.Server-side Code Injection AttackServer Security Frame
Server Security MethodologyServices Layer Design ChecklistSession Hijacking Attack
Session ManagementSession Management VulnerabilitiesSet the correct character encoding
Sign ConversionSoftware Engineering Practices OverviewSource Control Scenario Frame
Stack OverflowStore password hashes with saltStoring Passwords in a Recoverable Format
Support password expiration periods.Synchronization and TimingSynchronization and Timing Vulnerabilities
Tech CentersTechnologiesTechnology Index
Template Example: Web Application Threat ModelTemplatesTest1
Test Portal PageTest page 1Test page g
Test page g2Threat ModelThreat Modeling
ThreatsThreats and CountermeasuresThreats and Countermeasures How Tos
Threats and Countermeasures PatternsThreats and Countermeasures TemplatesThreats and Countermeasures Terminology
TopicsTrap and log ADO.NET exceptionsTruncation
Trusted SubsystemTrusting Self Reported DNS NameTrusting Self Reported IP Address