Contents tagged with Security
-
ASP.NET Security Update Shipping Thursday, Dec 29th
A few minutes ago Microsoft released an advance notification security bulletin announcing that we are releasing an out-of-band security update to address an ASP.NET Security Vulnerability.
-
ASP.NET Security Fix Now on Windows Update
Earlier this week I blogged about the availability of a patch on the Microsoft Download Center to fix the recent ASP.NET Security Vulnerability.
-
ASP.NET Security Update Now Available
This morning Microsoft released a security update that addresses the ASP.NET Security Vulnerability that I’ve blogged about this past week. We recommend installing it as soon as possible on your web-servers.
-
ASP.NET Security Update Shipping Tuesday, Sept 28th
Update: You can now download the security update here.
-
Update on ASP.NET Vulnerability
Earlier this week I posted about an ASP.NET Vulnerability, and followed this up with another blog post that covers some Frequently Asked Questions about it.
-
Frequently Asked Questions about the ASP.NET Security Vulnerability
Two days ago I published an important blog post about a security vulnerability in ASP.NET. In it I discussed a workaround that we recommend customers use to help prevent attackers from using the vulnerability against your applications.
-
Important: ASP.NET Security Vulnerability
A few hours ago we released a Microsoft Security Advisory about a security vulnerability in ASP.NET. This vulnerability exists in all versions of ASP.NET.
-
Tip/Trick: Enabling SSL on IIS 7.0 Using Self-Signed Certificates
SSL enables browsers to communicate with a web-server over a secure channel that prevents eavesdropping, tampering and message forgery. You should always use SSL for login pages where users are entering usernames/passwords, as well as for all other sensitive pages on sites (for example: account pages that show financial or personal information).
-
JSON Hijacking and How ASP.NET AJAX 1.0 Avoids these Attacks
Recently some reports have been issued by security researchers describing ways hackers can use the JSON wire format used by most popular AJAX frameworks to try and exploit cross domain scripts within browsers. Specifically, these attacks use HTTP GET requests invoked via an HTML <script src=""> include element to circumvent the "same origin policy" enforced by browsers (which limits JavaScript objects like XmlHttpRequest to only calling URLs on the same domain that the page was loaded from), and then look for ways to exploit the JSON payload content.
-
Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs
One of the questions I am often asked is "How can I integrate ASP.NET security with Classic ASP and other non-ASP.NET URLs?". Specifically, people want to know if they can integrate ASP.NET's Forms Authentication, Role Based Security, and URL Authorization features with Classic ASP, PHP, JSP, .HTM, .JPG and other non-ASP.NET URLs.