Security
Now that we have presented the scenario and the requirements, let’s take a look at the solution. What is the conceptual solution we propose? Fabrikam Shipping in the pre-Claims era: This diagram shows Fabrikam Shipping today if used by Adatum (no claims, no...
Once again, thanks to everybody who wrote to us with reviews, feedback and suggestions! Please keep it coming! Also: we hope to have a CodePlex site soon where we can start sharing more. We are still working out some details. As usual, the Disclaimer: this...
I open several PDF files every day! Check out these latest attack statistics from CNet. Microsoft has always been the hack attacker’s favorite victim, but in recent years we’ve made it harder and harder to successfully attack Microsoft products. And so...
A member of the Subtext team discovered a security vulnerability due to our integration with the FCKEditor control as well as the FreeTextBox control. This vulnerability would potentially allow unauthenticated users to upload files using the file upload...
In my last post, I wrote about the hijacking of JSON arrays. Near the end of the post, I mentioned a comment in which someone suggests that what really should happen is that browsers should be stricter about honoring content types and not execute code...
In my last blog post, I walked step by step through a Cross-Site Request Forgery (CSRF) attack against an ASP.NET MVC web application. This attack is the result of how browsers handle cookies and cross-domain form posts and is not specific to any one...
Today I read something where someone was comparing Web Forms to ASP.NET MVC and suggested that Web Forms does a lot more than ASP.NET MVC to protect your site from malicious attacks. One example cited was that Server controls automatically handled HTML...
Earlier this morning, I posted on making a simple jQuery delete link which makes it easy to create a delete link that does a form post to a delete action. Commenters pointed out that my solution won’t work for down-level browsers such as some mobile phones...
In a recent post, Stephen Walther pointed out the dangers of using a link to delete data. Go read it, as it provides very good coverage of the issues. The problem is not restricted to delete operations. Any time you allow a GET request to modify data...