Orphaned pages
From Guidance Share
- ASP.NET 2.0 Intranet - Windows Auth to AD Groups
- ASP.NET 2.0 Security FAQs
- ASP.NET 2.0 Security Questions and Answers - Authentication
- ASP.NET 2.0 Security Questions and Answers - Configuration
- ASP.NET 2.0 Security Questions and Answers - Impersonation / Delegation
- ASP.NET 2.0 Security Questions and Answers - Others
- About
- About This Site
- Application Architecture Guide - Cheat Sheet - patterns
- Assume all input is malicious.
- Audit and log access across application tiers.
- Avoid plain text passwords in configuration files
- Avoid storing secrets in the Local Security Authority (LSA).
- Avoid storing sensitive data in view state
- Back up and analyze log files regularly.
- Be able to disable accounts.
- Be careful with canonicalization issues.
- Catch exceptions.
- Centralize your approach.
- Connect using a least privileged account
- Connection string management
- Consider authorization granularity
- Consider authorization granularity.
- Consider identity flow.
- Consider the identity that is used for resource access
- Constrain, Then Sanitize
- Constrain, reject, and sanitize your input.
- Constrain input
- Create application specific event source
- Data privacy and integrity on the network
- Do not cache sensitive data
- Do not develop your own cryptography.
- Do not leak information to the client.
- Do not mix session tokens and authentication tokens
- Do not pass sensitive data from page to page
- Do not pass sensitive data using the HTTP-GET protocol.
- Do not rely on client-side state management options
- Do not rely on client-side validation.
- Do not send passwords over the wire in plaintext.
- Do not store database connections, passwords, or keys in plaintext.
- Do not store passwords in user stores.
- Do not store secrets if you can avoid it.
- Do not store secrets in code.
- Do not store sensitive data in persistent cookies.
- Do not trust HTTP header information.
- Does the code centralize its approach?
- Does the code use protection="All"
- Does the code use the right algorithm with an adequate key size?
- Encode Output
- Encrypt sensitive cookie state.