Search Results

Search found 14267 results on 571 pages for 'security certificate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 72/571 | < Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >

  • Firefox cannot recognize certificates for well knows sites

    - by RCola
    When trying to connect to well known sites, for instance hotmail.com Firefox shows that This Connection in Untrusted. In the OptionsAdvancedCertificates it's configured to select one matching certificate automatically. Why Firefox does not trust current connection? Can it be Man-in-the-middle attack or it's something like broken certificate storage on my computer? UPDATE UPDATE2 Solved: the problem is Antivirus Web Access protection. It interferes with HTTPS connection. Similar to Man-in-the-middle? Why ESET cannot do it correctly?

    Read the article

  • Safari, IIS and optional Client Certificates

    - by Philipp
    I've a ASP.Net Webapp running on IIS7.5. The Webserver is configured to accept Client Certifcates. Unfortunately Visitors with Safari Browser are unable to view the Page. Same Problem as described under the following link: http://www.mnxsolutions.com/apache/safari-providing-an-ssl-error-client-certificate-rejected%E2%80%9D-when-other-browsers-work.html Does anyone knows how to solve this? I'd really appreciate your help. edit: Seems to be the same problem: http://superuser.com/questions/231695/iis7-5-ssl-question-safari-users-get-a-prompt-of-certificate-to-select

    Read the article

  • How to use chain.p7b with Apache?

    - by Debianuser
    I wanted to setup a SSL website on Apache and applied for a certificate from my local ISP. All they sent me was a single file named chain.p7b. I have always used certificates from other vendors without any issues but they usually provide two files to be configured as SSLCertificateFile and SSLCertificateChainFile in Apache. Following instructions from several online resources, I opened the p7b file in Windows and extracted 4 certificates from the file. I then tried configuring Apache with one of the files and it worked, but shows a warning: The certificate is not trusted because no issuer chain was provided. I though I have to use remaining 3 files as SSLCertificateChainFile and/or SSLCACertificateFile. I tried that but it didn't work so I am assuming it might be something completely different. Anyone faced this issue before? The following page http://www-01.ibm.com/support/docview.wss?uid=swg21458997 talks about using a keystore but is that relevant to Apache?

    Read the article

  • Which SSL certificate to buy [closed]

    - by Sparsh Gupta
    I am reading several notes on SSL certificates and comparison. What matters to me the most is speed. I can read that encryption is same with all different certificates available but I was wondering if there is any difference in the performance of the website with different certificates involved. I am ofcourse interested in end to end response times and I wonder if the type of encryption or number of certificates required as Chain Certificates makes a difference in speed. I dont really care for cost but looking for a good SSL certificate which ideally gives me absolutely no pain and best performance. Recommendations?

    Read the article

  • Avoid access to www subdomain on secure server

    - by user44654
    I have an SSL certificate that is valid for mysite.co.uk but not www.mysite.co.uk it seems. If I use mod_rewrite or .htaccess to redirect from one to the other will this prevent browsers from displaying an invalid certificate security warning if someone tries to access www.mysite.co.uk? (I've tried redirection but still get the warning if I type https://www.mysite.co.uk directly into the address bar of my browser. I want to know if this is because the redirection isn't working or if the browser will display the warning anyway.) I hope that makes sense.

    Read the article

  • using main domain as a mail server

    - by zensys
    I have a mail server set up as mail.mydomain.com like most people do. Now I find out that if I want to secure both mail.mydomain.com and mydomain.com with ssl I need two SSl certificates (or one more versatile but more expensive certificate). Does it make sense to run my mail server under mydomain.com (it is the same physical machine anyway) to save certificate expenses (I am Dutch) or is this being pound foolish? What is the rationale of separating the mail server from the 'www' server apart from the intuitive 'neatness' appeal?

    Read the article

  • How to make a request from an android app that can enter a Spring Security secured webservice method

    - by johnrock
    I have a Spring Security (form based authentication) web app running CXF JAX-RS webservices and I am trying to connect to this webservice from an Android app that can be authenticated on a per user basis. Currently, when I add an @Secured annotation to my webservice method all requests to this method are denied. I have tried to pass in credentials of a valid user/password (that currently exists in the Spring Security based web app and can log in to the web app successfully) from the android call but the request still fails to enter this method when the @Secured annotation is present. The SecurityContext parameter returns null when calling getUserPrincipal(). How can I make a request from an android app that can enter a Spring Security secured webservice method? Here is the code I am working with at the moment: Android call: httpclient.getCredentialsProvider().setCredentials( //new AuthScope("192.168.1.101", 80), new AuthScope(null, -1), new UsernamePasswordCredentials("joeuser", "mypassword")); String userAgent = "Android/" + getVersion(); HttpGet httpget = new HttpGet(MY_URI); httpget.setHeader("User-Agent", userAgent); httpget.setHeader("Content-Type", "application/xml"); HttpResponse response; try { response = httpclient.execute(httpget); HttpEntity entity = response.getEntity(); ... parse xml Webservice Method: @GET @Path("/payload") @Produces("application/XML") @Secured({"ROLE_USER","ROLE_ADMIN","ROLE_GUEST"}) public Response makePayload(@Context Request request, @Context SecurityContext securityContext){ Payload payload = new Payload(); payload.setUsersOnline(new Long(200)); if (payload == null) { return Response.noContent().build(); } else{ return Response.ok().entity(payload).build(); } }

    Read the article

  • Flash Player, security: If a URL starts with "http://" will the SWF always be loaded into REMOTE san

    - by Pavel
    Seems to be a question for a Flash security guru. Suppose we are loading an external SWF movie with MovieClipLoader.loadMovie(url:String) Is it safe to assume that if url starts with "http://", the movie will be loaded in REMOTE sandbox? We need to tell local SWFs from remote ones to close a security hole. If you need the context read on. We have developed a Projector, written in C++ embedding Flash Player ActiveX. Our Flash application runs inside the Projector. Soon we want to give our users a way to create plugins for the application. The plugins are obviously will be SWF movies. The case I'm afraid of is the following. A bad person creates a malicious evil.swf pretending it to be nice plugin for our app. In case evil.swf is loaded from the local file system it is granted an access to the whole MovieClip tree and Projector API, opening C++ file access operations. On the other hand if evil.swf is loaded from the internet, remotely, it will be locked in REMOTE sandbox by Flash security model. Because of this, we need a reliable way to tell local SWF from remote one before loading it. And we must not make a mistake. So again, is it safe to assume that if url begins with "http://", the clip will be loaded inside REMOTE sandbox?

    Read the article

  • Umbraco Permissions Script - Secure Version

    - by Vizioz Limited
    Back in May I blogged about how to set Permissions for Umbraco using SetACL to set the appropriate directory permissions based on the installation recommendations.Recently I have been working on a site for a client who wanted every security item to be locked down as tightly as possible. And so I modified the script based on the Umbraco security best practices, I thought I'd share it with everyone, if I have missed anything, or if anyone has any suggestions on how to improve this, please let me know :)Please refer to my previous post regarding the SetAcl command line application that you will need.I suggest you save the following into a batch file called: umbPermSecure.batecho offREM Script to setup the Security Permissions for an Umbraco siteREM This script will give your machine Network Service the minimum rights requiredREM for Umbraco to workREM I suggest you update this script to also remove any users who do not need REM access to the web foldersREM **** Pre-requisites ****REM You will need to download - http://setacl.sourceforge.net/REM It is assumed that you have stored SetACL in a directory called, C:\SetACL ifREM not, you will need to modify the script.REM **** Usage ****REM You need to pass in the path for the root of your Umbraco directoryREM E.g. umbPermSecure.bat C:\inetpub\umbracoroot@echo umbPermSecure.bat - Script to set Umbraco File and Directory Permissions@echo based on the Umbraco Security Best Practices Document (13th March 2009)@echo Published by Chris Houston - 19th October 2009@echo http://blog.vizioz.com@echo Adding READ only access SetACL.exe -on "%1" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\web.config" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\bin" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\umbraco" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"@echo Adding READ and EXECUTE access SetACL.exe -on "%1\app_code" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read_ex" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\usercontrols" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read_ex" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"@echo Adding READ, WRITE and MODIFY access SetACL.exe -on "%1\config" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\css" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\data" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\masterpages" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\media" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\python" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\scripts" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\xslt" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"

    Read the article

  • SQL SERVER – guest User and MSDB Database – Enable guest User on MSDB Database

    - by pinaldave
    I have written a few articles recently on the subject of guest account. Here’s a quick list of these articles: SQL SERVER – Disable Guest Account – Serious Security Issue SQL SERVER – Force Removing User from Database – Fix: Error: Could not drop login ‘test’ as the user is currently logged in. SQL SERVER – Detecting guest User Permissions – guest User Access Status One of the advices which I gave in all the three blog posts was: Disable the guest user in the user-created database. Additionally, I have mentioned that one should let the user account become enabled in MSDB database. I got many questions asking if there is any specific reason why this should be kept enabled, questions like, “What is the reason that MSDB database needs guest user?” Honestly, I did not know that the concept of the guest user will create so much interest in the readers. So now let’s turn this blog post into questions and answers format. Q: What will happen if the guest user is disabled in MSDB database? A:  Lots of bad things will happen. Error 916 - Logins can connect to this instance of SQL Server but they do not have specific permissions in a database to receive the permissions of the guest user. Q: How can I determine if the guest user is enabled or disabled for any specific database? A: There are many ways to do this. Make sure that you run each of these methods with the context of the database. For an example for msdb database, you can run the following code: USE msdb; SELECT name, permission_name, state_desc FROM sys.database_principals dp INNER JOIN sys.server_permissions sp ON dp.principal_id = sp.grantee_principal_id WHERE name = 'guest' AND permission_name = 'CONNECT' There are many other methods to detect the guest user status. Read them here: Detecting guest User Permissions – guest User Access Status Q: What is the default status of the guest user account in database? A: Enabled in master, TempDb, and MSDB. Disabled in model database. Q: Why is the default status of the guest user disabled in model database? A: It is not recommended to enable the guest in user database as it can introduce serious security threat. It can seriously damage the database if configured incorrectly. Read more here: Disable Guest Account – Serious Security Issue Q: How to disable guest user? A: REVOKE CONNECT FROM guest Q: How to enable guest user? A: GRANT CONNECT TO guest Did I miss any critical question in the list? Please leave your question as a comment and I will add it to this list. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • Which SSL do I need?

    - by Maik Klein
    I need to buy a ssl certificate. Now there are so many different alternatives with a huge price range. I know the very basic differences of browser compatibility and security level. But I need a "cheap" ssl certificate. My homepage looks like this http://www.test.com Now if I go to the loginpage i should switch to https like this https:/www.test.com/login I am also considering to secure the whole site if the user has singed in. Now there are sites which are offering SSl for 7$/year. Would this do the job? Or would you recommend me to get something more expensive like this one? I want to add paypal support in a later version of my website and I don't want to save money on the wrong end. What would you recommend me?

    Read the article

  • Opinion on LastPass's security for the Average Joe [closed]

    - by Rook
    This is borderline on objective/subjective, but I'm posting it here since I'm more interested in objective facts, without going into too much technical details, than I am in user reviews of LastPass. I've always used offline ways for (password / sensitive data) storage, but lately I keep hearing good things about LastPass. Indeed, it is more practical having it always accessible from every computer you're using without syncing and related problems, but the security aspect still troubles me. How (in a nutshell for dummies) does LastPass keep your data secure / can their employees see your data, and what is your opinion for such storage of more than usual keeping of sensitive data (bank PIN codes, some financial / business related stuff and so on - you know, the things that would practically hurt if lost / phished)? What are your opinions of it, and do you trust it for such? Any bad experiences? If someone for example is sniffing your wifi network, would such data be easier than usual to sniff out?

    Read the article

  • 'Important security update' for Firefox and flash plugin, but the update cannot be selected

    - by geoffrey
    [This question has been updated as I now have the same problem with Firefox in addition to flash plugin] The update manager (on Ubuntu 12.04, 64bit) shows an 'important security update' for flashplugin-installer:i386, firefox, and firefox-globalmenu. The update is unticked, and cannot be selected, and therefore cannot be updated (I can update other packages without problems). Actually the flashplugin-installer package does not appear to be installed on my computer (judging from the Software Centre). I can't remember how I installed flash, probably directly from the Adobe website. The updater asks me if I want to do a partial upgrade. When running sudo apt-get update && sudo apt-get upgrade from terminal, I get the following: The following packages have been kept back: firefox firefox-globalmenu flashplugin-installer:i386

    Read the article

  • APress Deal of the Day 10/August/2014 - Pro ASP.NET Web API Security

    - by TATWORTH
    Originally posted on: http://geekswithblogs.net/TATWORTH/archive/2014/08/10/apress-deal-of-the-day-10august2014---pro-asp.net-web.aspxToday’s $10 Deal of the Day from APress at http://www.apress.com/9781430257820 is Pro ASP.NET Web API Security. “ASP.NET Web API is a key part of ASP.NET MVC 4. It has become the platform of choice for building RESTful services. Securing ASP.NET Web API applications requires a move away from traditional WCF-based techniques in favor of new SOAP-less methods. The evaluation, selection and analysis of these new techniques is the focus of this book.”

    Read the article

  • Framework 4 Features: User Propogation to the Database

    - by Anthony Shorten
    Once of the features I mentioned in a previous entry was the ability for Oracle Utilities Application Framework V4 to automatically propogate the end user to the database connection. This bears more explanation. In the past releases of the Oracle Utilities Application Framework, all database connections are pooled and shared within a channel of access. So for example, the online connections on the Business Application Server share a common pool of connections and the batch in a thread pool shares a seperate pool of connections. The connections are pooled for performance reasons (the most expensive part of a typical transaction is opening and closing connections so we save time by having them ready beforehand). The idea is that when a business function needs some SQL to be execute it takes a spare connection from the pool, executes the SQL and then returns the connection back to the pool for reuse. Unfortunelty to support the pool being started and ready before the transactions arrives means that you need to have a shared userid (as you dont know the users who need them beforehand). Therefore each connection uses the same database user to execute the SQL it needs. This is acceptable for executing transactions, generally but does not allow the DBA or other tools to ascertain which end user is actually running the transaction. In Oracle Utilities Application Framework V4, we now set the CLIENT_IDENTIFIER to the end userid (not the Login Id) when the connection is taken from the pool and used and reset it back to blank when returned to the pool. The CLIENT_IDENTIFIER is a feature that is present in the Oracle Database connection information. From a monitoring perspective, when a connection to the database is actively running SQL, the end user is now able to be determined by querying the CLIENT_IDENTIFIER on the session object within the database. This can be done in the DBA's favorite monitoring tool (even just some SQL on the v$session table is enough). This has other implications as well. Oracle sells a lot of other security addons to the database and so do third parties. If a site wants to have additional levels of security or auditing in the database then the CLIENT_IDENTIFIER, if supported, is now available to be recorded or used by those products to provide additional levels of security. This facility was one of the highly "nice to haves" that customers would ask us about so we now allow it to be used to allow finer grained monitoring and additional security facilities. Note: This facility is only available for customers using the Oracle Database versions of our products.

    Read the article

  • Oracle Solaris 11.1 Security Lab

    - by user12608073
    Recently I developed a set of lab exercises for an Oracle OpenWorld Hands On Lab, entitled HOL10201, Reduce Risk with Oracle Solaris Access Control to Restrain Users and Isolate Applications. This explored the new Extended Policy for privilege assignments in Oracle Solaris 11.1.  Today, Oracle Solaris 11.1 has been officially released via the Package Repository. Today's release and branch are numbered 0.5.11-0.175.1.0.0.24.2, which means it is based on build 24b of 11.1 which is, in turn, based on build 175a of 11.0.  There is a good summary of new features available here: Oracle Solaris 11.1 - What's New . Pages 5 thru 7 give an overview of some of the new security enhancements. There is much more information available in the newly published documentation for Oracle Solaris 11.1. I plan to explore some of these enhancements in a series of blog entries. Meanwhile, I've published a copy of the lab materials, which you can try out with this new release.

    Read the article

  • Week in Geek: New Security Hole Found Just Hours After Latest Java Update Released

    - by Asian Angel
    Our first edition of WIG for September is filled with news link coverage on topics such as Firefox 16 Beta introduces new command line feature for developers, Google to restore passwords lost using Chrome iOS app, new password stealing malware is targeting Linux & Mac OS X users, and more. Special Note: The title refers to the latest security update of Java just released this past Thursday. Please refer to our article on disabling Java here. Skull and crosshair targeting scope clipart courtesy of Clker.com. HTG Explains: How Windows Uses The Task Scheduler for System Tasks HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How

    Read the article

  • Panda Antivirus Pro 2012 and Secunia Windows Updater

    As with other offerings in the Panda Security portfolio, the core of Panda Antivirus Pro 2012's reliability comes from its innovative Collective Intelligence technology. This security model automatically analyzes, classifies, and fixes the approximately 73,000 files PandaLabs receives on a daily basis to offer users the highest protection possible against malware that is not only known, but also unknown. Best of all, the protection is provided with little impact on system performance to ensure a user-friendly experience. Speaking of user-friendly, Panda Antivirus Pro 2012 is described as the...

    Read the article

  • Why do we need REST service security if we have HTTPS

    - by Vangel
    I refer to this excellent article http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/ which speaks of amazon like security for web service. However I was asked a question in the team of why do we need it if we already use HTTPS. I was unable to answer as it really seems to me they may be right although gut tells me otherwise. Also is there places when providing REST services where HTTPS may not work? Like 3rd party websites? If anyone has experience in securing Web Services over the public interwebs please shed some light with your experience. Thanks in advance. EDIT: To clarify I am not speaking of user authentication but more of client authentication. The user authentication can be assumed to be plain text over HTTPS+ REST. My worry is that this still allows anyone to use the web service without my client to access it since everything is plai text although over HTTPS the client end point can still use my web service without the client application.

    Read the article

  • No keyring secrets found for [ssid] /802-11-wireless-security, ubuntu 12.04

    - by acimer
    I'm on Ubuntu 12.04 x64bit, installed it couple of days ago. The issue i'm having is this: on startup it connects to my wireless without a problem, but after a while I am disconnected and prompted to enter the key for the wireless network (which is entered - saved) so i just click 'ok', but wireless doesn't connect again. Reseting network manager doesn't help either. Only restart, after which, ubuntu connects to the said wireless without a problem. Terminal outputs this error message: ** Message: No keyring secrets found for cimermanovic /802-11-wireless-security; asking user. cimermanovic is the ssid name. also, here are some error messages that network manager is giving: (nm-applet:31926): GdkPixbuf-CRITICAL **: gdk_pixbuf_scale_simple: assertion `dest_width 0' failed (nm-applet:31693): GdkPixbuf-CRITICAL **: gdk_pixbuf_scale_simple: assertion `dest_width 0' failed (nm-applet:30184): GdkPixbuf-CRITICAL **: gdk_pixbuf_scale_simple: assertion `dest_width 0' failed What should i do to fix this? Thanks!

    Read the article

  • Jetzt anmelden: Oracle Database Security Seminare

    - by A&C Redaktion
    Die Anforderungen an Datensicherheit steigen stetig. Seit mehr als 30 Jahren verfügt Oracle über Kompetenz im Bereich der Informationssicherheit. Wenn es um handfeste Lösungen für die Datensicherheit geht, sind Sie bei uns also in den besten Händen.  Nutzen Sie die kostenlosen Database Security Seminare, um sich mit Experten von Oracle und Platinum Partner Trivadis über den Schutz Ihrer IT-Infrastruktur auszutauschen und mehr darüber zu erfahren, wie Sie Schwachstellen erkennen und welche Maßnahmen Ihnen bei der Verbesserung des Sicherheitsstatus Ihres Unternehmens helfen können. Die Plätze sind begrenzt - melden Sie sich gleich online an: 13. Juni 2012, Oracle Geschäftsstelle Hamburg 20. Juni 2012, Oracle Geschäftsstelle Stuttgart

    Read the article

  • how to detect keylogger in windows that hooked up key-press?

    - by saber tabatabaee yazdi
    For security reasons we have to detect all key-loggers and log them in somewhere like windows events. I have piece of C# code that it is very easy to install all clients and up and running every day in system trays and no one can close it. We want to modify that code and send logs to central web service in our network (that this also web service is installed last year and receive and log all another security logs).

    Read the article

  • Security settings for this service require 'Basic' Authentication

    - by Jake Rutherford
    Had an issue calling WCF service today. The following exception was being thrown when service was called:WebHost failed to process a request. Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/35320229 Exception: System.ServiceModel.ServiceActivationException: The service '/InteliChartVendorCommunication/VendorService.svc' cannot be activated due to an exception during compilation.  The exception message is: Security settings for this service require 'Basic' Authentication but it is not enabled for the IIS application that hosts this service..Ensured Basic authentication was indeed enabled in IIS before getting stumped on what actual issue could be. Turns out it was CustomErrors setting. Value was set to "off" vs "Off". Would have expected different exception from .NET (i.e. web.config parse exception) but it works now either way.

    Read the article

  • Good Introductory Books on Writing Secure Software

    - by cosmic.osmo
    What are some good introductory books about writing secure software? Specifically, one that covers basic strategies and design patterns for writing a secure software and surveys common security vulnerabilities, how they're exploited, and how you can protect against them. Personally, I've picked up bits of security know-how here and there over my career, but now I'd like a more systematic overview.

    Read the article

  • Live Security Talk Webcast: Using Standards-Based Internet Explorer Features to Protect Apps (Level

    If you are building mashups and other web applications, what do you need to know to make sure that you are building secure applications that don't expose security vulnerabilities? What do you need to consider when building your applications using features from HTML 5, HTML 4.01, and important features of the browser? Attend this webcast to learn how to use standards-based Windows Internet Explorer features to protect the applications you develop....Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >