Browse by Tags

All Tags » Security (RSS)

ASP.NET Security Update Shipping Thursday, Dec 29th by ScottGu

A few minutes ago Microsoft released an advance notification security bulletin announcing that we are releasing an out-of-band security update to address an ASP.NET Security Vulnerability . Dec 29th Update: the security update (MS11-100) has now shipped...

ASP.NET Security Fix Now on Windows Update by ScottGu

Earlier this week I blogged about the availability of a patch on the Microsoft Download Center to fix the recent ASP.NET Security Vulnerability. Today we also made it possible to update systems through Windows Update (WU) and Windows Server Update Services...

ASP.NET Security Update Now Available by ScottGu

This morning Microsoft released a security update that addresses the ASP.NET Security Vulnerability that I’ve blogged about this past week.  We recommend installing it as soon as possible on your web-servers. Common Questions/Answers Below are some...

ASP.NET Security Update Shipping Tuesday, Sept 28th by ScottGu

Update : You can now download the security update here . An hour ago Microsoft released an advance notification security bulletin announcing that we are releasing an out-of-band security update to address the ASP.NET Security Vulnerability that I’ve blogged...

Update on ASP.NET Vulnerability by ScottGu

Earlier this week I posted about an ASP.NET Vulnerability , and followed this up with another blog post that covers some Frequently Asked Questions about it. We are actively working on releasing a security update that fix the issues, and our teams have...

Frequently Asked Questions about the ASP.NET Security Vulnerability by ScottGu

Two days ago I published an important blog post about a security vulnerability in ASP.NET .  In it I discussed a workaround that we recommend customers use to help prevent attackers from using the vulnerability against your applications. Below are...

Important: ASP.NET Security Vulnerability by ScottGu

A few hours ago we released a Microsoft Security Advisory about a security vulnerability in ASP.NET.  This vulnerability exists in all versions of ASP.NET. This vulnerability was publically disclosed late Friday at a security conference.  We...

Tip/Trick: Enabling SSL on IIS 7.0 Using Self-Signed Certificates by ScottGu

SSL enables browsers to communicate with a web-server over a secure channel that prevents eavesdropping, tampering and message forgery. You should always use SSL for login pages where users are entering usernames/passwords, as well as for all other sensitive...

JSON Hijacking and How ASP.NET AJAX 1.0 Avoids these Attacks by ScottGu

Recently some reports have been issued by security researchers describing ways hackers can use the JSON wire format used by most popular AJAX frameworks to try and exploit cross domain scripts within browsers. Specifically, these attacks use HTTP GET...
Filed under: , , ,

Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs by ScottGu

One of the questions I am often asked is "How can I integrate ASP.NET security with Classic ASP other non-ASP.NET URLs?". Specifically, people want to know if they can integrate ASP.NET's Forms Authentication, Role Based Security, and URL Authorization...
More Posts Next page »