All articles

From Guidance Share

Type
Type Vulnerabilities
Unchecked Array Indexing
Uninitialized Variable
Unintentional Pointer Scaling
Unsafe Function Call from Signal Handler
Use Data Protection API (DPAPI) for encrypting secrets.
Use Escape Routines
Use File authorization with Windows authentication
Use Page.ViewStateUserKey to counter one-click attacks
Use Parameter Batching
Use Programmatic Impersonation
Use Regular Expressions for Input Validation
Use SSL effectively
Use SSL to protect session authentication cookies.
Use URL Authorization
Use URL authorization for page and directory access control
Use Windows authentication
Use a generic error page in your ASP.NET applications
Use absolute URLs for navigation
Use account lockout policies for end-user accounts.
Use explicit role checks for fine-grained authorization
Use least privileged accounts
Use least privileged process and service accounts.
Use multiple gatekeepers.
Use of Hard-coded Password
Use of Hard Coded Cryptographic Key
Use of sizeof() on a Pointer Type
Use principal demands on classes and methods
Use secure credential management
Use separate data access assemblies
Use server-side input validation
Use stored procedures
Use the ASP.NET validateRequest option
Use the HttpOnly cookie option
Use the correct algorithm and correct key size.
Use the frame security attribute
Use the innerText property
Use type safe SQL parameters
Using Freed Memory
Using Referrer Field for Authentication
Using Single-factor Authentication
Using a Broken or Risky Cryptographic Algorithm
Using a Key Past its Expiration Date
Validate HTML Controls
Validate Input
Validate Input Used For File I/O
Validate Input Used for Data Access
Validate User Input with Regular Expressions - C
Validate all values sent from the client.
Validate input parameters
Visual Threats and Countermeasures
Vulnerabilities
Vulnerability Index
Vulnerability Pattern Template
Vulnerability Patterns
Walkthrough: Creating a Threat Model for a Web Application
Weak Password Systems
Web Application Design Checklist
Web Application Frame
Web Application Performance Design Guidelines
Web Application Performance Design Guidelines - Browser Client Considerations
Web Application Performance Design Guidelines - Business Layer Considerations
Web Application Performance Design Guidelines - Caching
Web Application Performance Design Guidelines - Communication
Web Application Performance Design Guidelines - Concurrency
Web Application Performance Design Guidelines - Coupling and Cohesion
Web Application Performance Design Guidelines - Data Access Layer Considerations
Web Application Performance Design Guidelines - Data Structures and Algorithms
Web Application Performance Design Guidelines - Deployment
Web Application Performance Design Guidelines - Desktop Application Considerations
Web Application Performance Design Guidelines - Performance Design Principles
Web Application Performance Design Guidelines - Performance Design Process Principles
Web Application Performance Design Guidelines - Resource Management
Web Application Performance Design Guidelines - State Management
Web Application Performance Design Guidelines - Web Layer Considerations
Web Application Performance Design Inspection Checklist
Web Application Performance Design Inspection Questions
Web Application Performance Design Inspection Questions - Caching
Web Application Performance Design Inspection Questions - Class Design Considerations
Web Application Performance Design Inspection Questions - Communication
Web Application Performance Design Inspection Questions - Concurrency
Web Application Performance Design Inspection Questions - Coupling and Cohesion
Web Application Performance Design Inspection Questions - Data Access
Web Application Performance Design Inspection Questions - Data Structures and Algorithms
Web Application Performance Design Inspection Questions - Deployment and Infrastructure
Web Application Performance Design Inspection Questions - Exception Management
Web Application Performance Design Inspection Questions - Resource Management
Web Application Performance Design Inspection Questions - State Management
Web Application Performance Frame
Web Application Security Design Guidelines
Web Application Security Design Guidelines - Auditing and Logging
Web Application Security Design Guidelines - Authentication
Web Application Security Design Guidelines - Authorization
Web Application Security Design Guidelines - Configuration Management
Web Application Security Design Guidelines - Cryptography
Web Application Security Design Guidelines - Exception Management
Web Application Security Design Guidelines - Input / Data Validation
Web Application Security Design Guidelines - Parameter Manipulation
Web Application Security Design Guidelines - Sensitive Data
Web Application Security Design Guidelines - Session Management
Web Application Security Design Inspection Checklist
Web Application Security Design Inspection Questions
Web Application Security Design Inspection Questions - Auditing and Logging
Web Application Security Design Inspection Questions - Authentication
Web Application Security Design Inspection Questions - Authorization
Web Application Security Design Inspection Questions - Configuration Management
Web Application Security Design Inspection Questions - Cryptography
Web Application Security Design Inspection Questions - Deployment and Infrastructure Considerations
Web Application Security Design Inspection Questions - Exception Management
Web Application Security Design Inspection Questions - Input and Data Validation
Web Application Security Design Inspection Questions - Parameter Manipulation
Web Application Security Design Inspection Questions - Sensitive Data
Web Application Security Design Inspection Questions - Session Management
Web Application Security Frame
Web Application Security Methodology
Web Application Threat Model Template
Web Application Threat Model Template Example
Web Services (.NET 1.1) Security
Web Services (ASMX 1.1) Performance
Web Services (ASMX 1.1) Performance Checklist
Web Services (ASMX 1.1) Performance Guidelines
Web Services (ASMX 1.1) Performance Guidelines - Asynchronous Invocation
Web Services (ASMX 1.1) Performance Guidelines - Asynchronous Web Methods
Web Services (ASMX 1.1) Performance Guidelines - Attachments
Web Services (ASMX 1.1) Performance Guidelines - Bulk Data Transfer
Web Services (ASMX 1.1) Performance Guidelines - COM Interop
Web Services (ASMX 1.1) Performance Guidelines - Caching
Web Services (ASMX 1.1) Performance Guidelines - Connections
Web Services (ASMX 1.1) Performance Guidelines - Design Considerations
Web Services (ASMX 1.1) Performance Guidelines - One-Way (Fire-and-Forget) Communication
Web Services (ASMX 1.1) Performance Guidelines - Serialization
Web Services (ASMX 1.1) Performance Guidelines - State Management
Web Services (ASMX 1.1) Performance Guidelines - Threading
Web Services (ASMX 1.1) Performance Guidelines - Timeouts
Web Services (ASMX 1.1) Performance Guidelines - WebMethods
Web Services (ASMX 1.1) Security Checklist
Web Services Design Checklist
Web Services Security Frame
What's New in .NET Framework 2.0 Security
What's new in ASP.NET 2.0 in terms of Auditing and Logging?
What's new in ASP.NET 2.0 in terms of Authentication?
What's new in ASP.NET 2.0 in terms of Authorization?
What's new in ASP.NET 2.0 in terms of Code Access Security?
What are the issues with Forms Authentication in Web Farm Scenario?
What are the permissions at the various trust levels?
What are the requirements for using Kerberos delegation?
What are the types of input I need to validate in my ASP.NET application?
What care should I take when securing ViewState in a web farm scenario?
What does a secure web.config look like?
What is Constrained Delegation?
What is SQL injection and how do I protect my application from SQL injection attacks?
What is cross-site scripting and how do I protect my ASP.NET application from it?
What is protocol transition and when do I care?
What is the difference between URL authorization, File authorization and Role authorization??
What security events does health monitoring log by default?
When and how do I use Kerberos authentication in ASP.NET 2.0?
When and how do I use windows authentication in ASP.NET 2.0?
When do I use impersonation in ASP.NET 2.0?
When should I pre-compile my ASP.NET application?
When should I put assemblies in GAC, what are security implications?
When should I use .pfx files?
When should I use programmatic impersonation?
When using Windows authentication, how can I give the default ASP.NET worker process access to a remote database server?
When writing to a new event source from my ASP.NET application running under the Network service security context, I get registry permission exception. Why is this and how do I correct this
Windows Authentication to AD Groups Whiteboard Solution
XML (.NET 1.1) Performance
XML (.NET 1.1) Performance Checklist
XML (.NET 1.1) Performance Guidelines
XML (.NET 1.1) Performance Guidelines - Design Considerations
XML (.NET 1.1) Performance Guidelines - Parsing XML
XML (.NET 1.1) Performance Guidelines - Validating XML
XML (.NET 1.1) Performance Guidelines - Writing XML
XML (.NET 1.1) Performance Guidelines - XPath Queries
XML (.NET 1.1) Performance Guidelines - XSLT Processing
XML Injection Attack