Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe. In this post, Taras will review secure data storage in the ASP.NET MVC framework. Secure Logging: The system should not log any sensitive data (e.g. PCI, PHI, PII) into unprotected log storage. Let's look at an example from a healthcare … Continue reading ASP.NET MVC: Secure Data Storage
Guest Editor: Today's post is from David Hazar. David is a security engineer focusing on cloud security architecture, application security, and security training. In this post, David will take a look at the encryption options for applications hosted in the cloud. Over the last decade, due to new compliance requirements or contractual obligations, many, if … Continue reading Cloud Encryption Options - Good for Compliance, Not Great for Security
Johannes Ullrich is the Chief Research Officer for the SANS Institute, where he is responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics … Continue reading Ask the Expert - Johannes Ullrich
A very serious vulnerability in ASP.NET was revealed this past month that allows attackers to completely compromise ASP.NET Forms Authentication, among other things. When things like this happen, as developers it's important to see what lessons can be learned in order to improve the defensibility of our software. Source: 'Padding Oracle' Crypto Attack Affects Millions of … Continue reading ASP.NET Padding Oracle Vulnerability
Checking the integrity of code you download is important and has to be done not just for the initial download, but for updates as well. We will discuss the options to implement integrity checks correctly.