Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:- Data access control matrix- Component access control matrix- Subject-object matrix- Data Flow- Call Flow- Trust Flow- Attack Surface- Focused reports
Check few other cool security tools and guide:
XSS Detect Beta Code Analysis Tool
Microsoft Threat Analysis & Modeling v2.1.2
Best Practice Analyzer for ASP.NET
Improving Web Application Security: Threats and Countermeasures
Web Service Security Guide
Saturday, February 17, 2007
Friday, February 16, 2007
Visual Studio 2005 Web Deployment Projects
In the recent weeks, I came across the following questions from different people:
1. While deploying my website, how can I update only the assemblies for recent changes?
2. How to use aspnet_compiler.exe for packaging and release management scenarios?
3. How to have get a single file assembly instead of bunch of cryptic auto generated assemblies?
This page: http://msdn2.microsoft.com/en-us/library/aa479044.aspx provides answers for all those above questions.
In short:
- Precompile a Web site using the aspnet_compiler.exe command-line tool
- For packaging and release management, use fixednames option of the aspnet_compiler.exe command-line tool
- Use aspnet_merge to merge the Dll's.
- Also to make your life easy, downlaod and implement the "Visual Studio 2005 Web Deployment Projects" which provide additional functionality to build and deploy Web sites and Web applications in ASP.NET 2.0 and Visual Studio 2005.
This add-in includes a tool to merge the assemblies created during ASP.NET 2.0 pre-compilation, and provides a comprehensive UI within Visual Studio 2005 to manage build configurations, merging, and using pre-build and post-build tasks with MSBuild.
Download now
Download now
You may find more information at the following link AND/OR doing a search for “Visual Studio 2005 Web Deployment Projects”.
http://msdn2.microsoft.com/en-us/asp.net/aa336619.aspx
http://msdn2.microsoft.com/en-us/library/aa479568.aspx
A good example is present here: http://weblogs.asp.net/scottgu/archive/2005/11/06/429723.aspx
http://msdn2.microsoft.com/en-us/asp.net/aa336619.aspx
http://msdn2.microsoft.com/en-us/library/aa479568.aspx
A good example is present here: http://weblogs.asp.net/scottgu/archive/2005/11/06/429723.aspx
Overview of .NET Framework 3.0
Overview of .NET Framework 3.0
· .NET 3.0 is an integral part of the windows Operating system.
- It is also available separately for the operating systems Windows Server 2003; Windows Server 2003 R2 Standard Edition (32-bit x86); Windows Server 2003 R2 x64 editions; Windows Server 2003 Service Pack 1; Windows Server 2003 x64 editions; Windows Vista; Windows XP Service Pack 2.
- .NET Framework 3.0 coexists along with 2.0, 1.1 and 1.0.
- .NET Framework makes use of CLR 2.0!
- WPF, WCF, WF and Windows CardSpace are all technologies exposed through the.NET Framework 3.0 APIs.
· .NET Framework 3.0 is a natural evolution to existing framework to provide more set of features to solve the challenging problems of today world.
· Ok, wait…. you may wonder “I am already convenient with .NET Framework 1.1 and am learning 2.0, why should I burden with one more!”
· Do I really need to learn .NET 3.0? YES, if any of the following points below applies to you!
Benefits of .NET Framework 3.0
· Differentiated User Experience (WPF / Avalon)
- Programming model to build rich, attractive UI applications user experiences that incorporate UI (2D, 3D, Vector-based graphics), media (audio, video, and animation) and documents.below
- Looking forward a Unified Framework to build varied User Interfaces to target both Windows client and Web browsers.
- Increase Developer-Designer Productivity.
- Want to deliver an enhanced User Experience (UX).
· Service-Oriented Application Development (WCF / Indigo)
- Programming model to develop better connected systems starting from enterprise SOA applications to P2P applications.
- Programming model to build interoperable WS-* Web services, provides rich communication options (HTTP, TCP, Named pipes, etc), different message exchange patterns (one-way, two way, request/response), and with a wide range of enterprise features (security, reliability, scalability, etc).
- Build Service-Oriented Applications.
- Want to build Interoperate using Web Services Standards.
· Business Logic Modeling (WWF)
- Programming model to build efficient long running, workflow-based applications to automate business process.
- Build a Range of Workflow Styles.
- Implement Business Process in Software.
· Digital Identity Management (Card Space/ InfoCard)
- Provides safe, simple secure way to login to Web sites (alternative to using usernames and passwords) to protect against identity-related attacks such as phishing. No need to memorize the big list of User names / Passwords!
- Simplify Online Authentication.
- Increase Web Site Security.
- Protect Against Identity Theft.
· .NET 3.0 is an integral part of the windows Operating system.
- It is also available separately for the operating systems Windows Server 2003; Windows Server 2003 R2 Standard Edition (32-bit x86); Windows Server 2003 R2 x64 editions; Windows Server 2003 Service Pack 1; Windows Server 2003 x64 editions; Windows Vista; Windows XP Service Pack 2.
- .NET Framework 3.0 coexists along with 2.0, 1.1 and 1.0.
- .NET Framework makes use of CLR 2.0!
- WPF, WCF, WF and Windows CardSpace are all technologies exposed through the.NET Framework 3.0 APIs.
· .NET Framework 3.0 is a natural evolution to existing framework to provide more set of features to solve the challenging problems of today world.
· Ok, wait…. you may wonder “I am already convenient with .NET Framework 1.1 and am learning 2.0, why should I burden with one more!”
· Do I really need to learn .NET 3.0? YES, if any of the following points below applies to you!
Benefits of .NET Framework 3.0
· Differentiated User Experience (WPF / Avalon)
- Programming model to build rich, attractive UI applications user experiences that incorporate UI (2D, 3D, Vector-based graphics), media (audio, video, and animation) and documents.below
- Looking forward a Unified Framework to build varied User Interfaces to target both Windows client and Web browsers.
- Increase Developer-Designer Productivity.
- Want to deliver an enhanced User Experience (UX).
· Service-Oriented Application Development (WCF / Indigo)
- Programming model to develop better connected systems starting from enterprise SOA applications to P2P applications.
- Programming model to build interoperable WS-* Web services, provides rich communication options (HTTP, TCP, Named pipes, etc), different message exchange patterns (one-way, two way, request/response), and with a wide range of enterprise features (security, reliability, scalability, etc).
- Build Service-Oriented Applications.
- Want to build Interoperate using Web Services Standards.
· Business Logic Modeling (WWF)
- Programming model to build efficient long running, workflow-based applications to automate business process.
- Build a Range of Workflow Styles.
- Implement Business Process in Software.
· Digital Identity Management (Card Space/ InfoCard)
- Provides safe, simple secure way to login to Web sites (alternative to using usernames and passwords) to protect against identity-related attacks such as phishing. No need to memorize the big list of User names / Passwords!
- Simplify Online Authentication.
- Increase Web Site Security.
- Protect Against Identity Theft.
patterns & practices Improving Web Services Security
This guide shows you how to make the most of WCF (Windows Communication Foundation). With end-to-end application scenarios, it shows you how to design and implement authentication and authorization in WCF. Learn how to improve the security of your WCF services through prescriptive guidance including guidelines, Q&A, practices at a glance, and step-by-step how tos.
Particularly this http://www.codeplex.com/WCFSecurityGuide/Wiki/View.aspx?title=Ch%2004%20-%20WCF%20Security%20Fundamentals&referringTitle=Home chapter provides lot of useful information.
Particularly this http://www.codeplex.com/WCFSecurityGuide/Wiki/View.aspx?title=Ch%2004%20-%20WCF%20Security%20Fundamentals&referringTitle=Home chapter provides lot of useful information.
Team System 2008 Team Suite
Team System 2008 Team Suite:
Visual Studio Team System 2008 Team Suite contains tools for all team members starting from Architect, Developer, tester, PM etc. It is an integrated set of tools for architecture, design, development, database development and testing of applications. Team members can continuously collaborate and utilize a complete set of tools and guidance at every step of the application life cycle. Installing team suite will have all the below tools set!
Please refer the below versions of the tools:
Visual Studio Team System 2008 Architecture Edition
Visual Studio Team System 2008 Database Edition
Visual Studio Team System 2008 Development Edition
Visual Studio Team System 2008 Test Edition
Visual Studio Team System 2008 Team Suite contains tools for all team members starting from Architect, Developer, tester, PM etc. It is an integrated set of tools for architecture, design, development, database development and testing of applications. Team members can continuously collaborate and utilize a complete set of tools and guidance at every step of the application life cycle. Installing team suite will have all the below tools set!
Please refer the below versions of the tools:
Visual Studio Team System 2008 Architecture Edition
Visual Studio Team System 2008 Database Edition
Visual Studio Team System 2008 Development Edition
Visual Studio Team System 2008 Test Edition
Visual Studio 2008 - What's new?
Visual Studio 2008 delivers key advances for developers in three primary pillars:
- Rapid application development
- Effective team collaboration
- Breakthrough user experiences
Enabling New Web Experiences: Developers can easily create efficient, interactive Web applications with Visual Studio 2008. Seamless integration of the familiar ASP.NET AJAX programming model enables more efficient client-side execution, giving end users a more responsive Web interface. JavaScript IntelliSense and debugging further improve the development experience.
Gaining an Improved Overall Developer Experience: Visual Studio 2008 simplifies the user’s ability to adopt the toolset and framework separately by enabling developers to target different .NET Framework platforms. Along with that it makes the developer life easy while building WPF, WCF and WF applications. I can see loads of improvements in developer experience...
Improving Application Lifecycle Management (ALM):
ALM features in Visual Studio provide great support not only for managing the entire software-development life cycle, but also for critical interaction with an enterprise application’s final end-users and IT stakeholders.
Handling Data More Productively:
The introduction of Language Integrated Query (LINQ) and other data-access improvements enable developers to apply a consistent programmatic approach to data handling, perform data access with new data-design surfaces, and use built-in classes for the occasionally connected design pattern.
Subscribe to:
Posts (Atom)