#8 | Changing Membership Settings in the Default Membership Schema

#9 | Configuring SQL To Work with Membership Schemas

#10 | Understanding ASP.NET Memberships

[ Get them here ]

Lots, even MOST PHP applications are Open Souce but what if you want to distribute your application but don't want to distribute your PHP Source Code ?

Check out Nu-Coder from NuSphere.

Nu-Coder converts the source code of PHP Script into compiled PHP bytecodes for both accelerated runtime performance and maximum security.

http://www.nusphere.com/products/nucoder.htm

Dolores Labs posted recently "Amazon’s S3 Web Service, our #1 cause of failure" [ Click HERE to READ ]

Amazon.com is a great company and a early innovator in the Web Services Community. (God knows I send them ALOT of money.)

So this is not an indictment of Amazon as a technology provider. In fact, it is because a Amazon is a great company with a solid infrastructure that this is significant.

As Geeks, we tend to get all jazzed about the latest buzz - and cloud computing is certainly one of them. But, I think it's important to remember, while services in the cloud can be very cost effective. You can't control the cloud.

When you build it and own it you always have options when you're not getting the service level you need. In the cloud, you're held hostage by 3rd party service levels.... ad as we all know, stuff happens.

When you're using a cloud hosted service, remember to build support for graceful degradation your application. You application need not fail completely because you can't fetch images, ads, etc.

Not only is this good design practice, but it mitigates a DOS security threat. If I wanna bring your web application down and you haven't built resilience into your site, all I need to to is successfully attack any one service your application depends on and your application is down !!

Dies UAC give you a rash ?

It does me !!!

It's not that it isn't a good idea - it is. But I really wish I could train it or over ride it.

Maybe in a future Windows version - in the mean time, I'm trying Tweak UAC which provides a "Quiet Mode" for UAC.

[ Click HERE to get Tweak UAC ]

Note: UAC is a Security feature. Strictly speaking "Quiet Mode"  reduces your system's security.

Please checkout the first videos in my new Web Developer's Security Video Series.

http://www.asp.net/learn/security-videos/

I'm hoping to do 100 Videos this year !

PLEASE SEND YOUR REQUESTS !!!

T

Check out this 2 day security brain fest. It happens to be right after Black Hat in Vegas. See you there ?

The LifeCycleSecurity conference was started to provide a venue where professionals in the Application Security industry can learn from each other's experiences.  We will be addressing security from the server to the browser. 

Application Security : We will have topics that address how professionals are creating systems that are resistant to attacks against the web application layer and the systems that support these web applications.

Browser security: With the increase in attacks against browsers such as malware and other attack vectors, protecting your users is more important than ever.  This is increasingly being done with content filtering devices.  The Lifecyclesecurity conference will include several tracks that address techniques that are being used to protect against these browser / content based attacks.

http://www.lifecyclesecurity.com/

While at TechEd 2008 I got to spend some time in the "Fish Bowl" with Georgeo Pulikkathara.

Georgeo interviewed me on Microsoft's Secure Development Lifecycle (SDL) and my upcoming Developer Security Activities.

Please [ click HERE ] to check out Georgeo's blog post and [ Click HERE ] to have a listen to the show.

June 20, 2008 (IDG News Service) Microsoft's June security updates were bad news for online criminals who make their living stealing password information from online gamers.

The company's Malicious Software Removal Tool -- a program that detects and removes viruses and other undesirable programs from Windows machines -- zapped game password-stealing software from more than 2 million PCs in the first week after it was updated to detect these programs on June 10.

One password stealer, called Taterf, was detected on 700,000 computers in the first day after the update. That's twice as many infections as were spotted during the entire month after Microsoft began detecting the notorious Storm Worm malware last September.

[ Read he entire article here at Computer World ]

Baseline Magazine [ Click HERE ] has outlined the 5 Big Security Threats that Anti-virus software and firewalls MISS.

1 Trusted Users and Partners

2 Web Application Vulnerabilities

Gartner estimates that 75 percent of today’s attacks are carried out through the application layer.

Many of these application attacks are conducted through quickly coded Web applications, with little or no security baked in.

Yet these Web apps are often connected to some of the most sensitive databases businesses own.

3 Missing Devices

4 Custom Malware

5 Social Engineering

[ CLICK HERE to read the whole article. ]