February 2008 Blog Posts


XSSDetect Public Beta

Today I read about this cool plug-in for Visual Studio 2005. It statically finds XSS problems in your ASP.NET web application. Like any static analyzer it reports only the input-to-output flows it can trace, so a clean run is a starting point, not a proof. You can download it here. Tags: Security, SDL
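What a scanner of this kind looks for is a path from an untrusted source (Request.QueryString, Request.Form, cookies) to an HTML output sink with no encoding on the way. The following is an added example, not code from the original post and not part of XSSDetect: a small C# console program with the vulnerable flow beside the fixed one, plus the URL-attribute case that HtmlEncode alone does not cover. The probe string and the control name lblGreeting are constructed for illustration.

```csharp
// Added example (not from the original post or from XSSDetect).
// Console program so it runs without IIS; the page-level equivalent of each
// function is given in the comments.
using System;
using System.Web;   // HttpUtility: System.Web.dll on .NET Framework,
                    // System.Web.HttpUtility.dll in the shared framework on modern .NET

static class XssDemo
{
    // Constructed attacker input, as it would arrive in ?name=...
    public const string Probe = "<script>alert(document.cookie)</script>";

    // VULNERABLE: a taint source (query string) reaches the HTML sink unchanged.
    // Page equivalent:  lblGreeting.Text = "Hello, " + Request.QueryString["name"];
    public static string RenderVulnerable(string name)
    {
        return "<span>Hello, " + name + "</span>";
    }

    // FIXED: encode at the sink, for the HTML-body context the value lands in.
    // Page equivalent:  lblGreeting.Text = "Hello, " + Server.HtmlEncode(Request.QueryString["name"]);
    public static string RenderEncoded(string name)
    {
        return "<span>Hello, " + HttpUtility.HtmlEncode(name) + "</span>";
    }

    // CAVEAT: HtmlEncode only neutralises the HTML-body/attribute-value context.
    // A value placed in a URL attribute also needs its scheme checked, because
    // "javascript:alert(1)" contains nothing HtmlEncode would rewrite.
    public static string RenderLink(string url)
    {
        Uri parsed;
        bool isHttp = Uri.TryCreate(url, UriKind.Absolute, out parsed)
                      && (parsed.Scheme == Uri.UriSchemeHttp || parsed.Scheme == Uri.UriSchemeHttps);
        if (!isHttp)
        {
            url = "#";   // reject anything that is not an absolute http(s) URL
        }
        return "<a href=\"" + HttpUtility.HtmlAttributeEncode(url) + "\">profile</a>";
    }

    static void Main()
    {
        Console.WriteLine(RenderVulnerable(Probe));            // script element reaches the browser intact
        Console.WriteLine(RenderEncoded(Probe));               // angle brackets become entities, rendered as text
        Console.WriteLine(RenderLink("javascript:alert(1)"));  // scheme rejected, link neutralised
        Console.WriteLine(RenderLink("https://example.com/u/1"));
    }
}
```

On .NET Framework compile with a reference to System.Web.dll; on modern .NET a plain `dotnet run` is enough. The point the three functions make together is the one a scanner cannot make for you: the fix is encoding chosen for the context of the sink, not a single HtmlEncode call applied everywhere.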

AJAX CalendarExtender Bug

This last week I developed an application that uses ASP.NET and some AJAX Control Toolkit controls, version 1.0.11119.0. I noticed that when the CalendarExtender was inside an UpdatePanel it lost its CSS style information. To work around the problem I found this thread, which explains that you need to declare the calendar's CSS classes yourself, in the page or in your stylesheet, like this:

.ajax__calendar_container {padding:4px;position:absolute;cursor:default;width:170px;font-size:11px;text-align:center;font-family:tahoma,verdana,helvetica;}
.ajax__calendar_body {height:139px;width:170px;position:relative;overflow:hidden;margin:auto;}
.ajax__calendar_days, .ajax__calendar_months, .ajax__calendar_years {top:0px;left:0px;height:139px;width:170px;position:absolute;text-align:center;margin:auto;}
.ajax__calendar_container TABLE {font-size:11px;}
.ajax__calendar_header {height:20px;width:100%;}
.ajax__calendar_prev {cursor:pointer;width:15px;height:15px;float:left;background-repeat:no-repeat;background-position:50% 50%; background-image:url(WebResource.axd?d=x6lt9HfG5Si8NZjMNt1DLcY6US8hUl3G4muzIFtahMQFZTbwxJ00qsx5N8jeAW90ZvGxZ6SJJh48yx62JKItzQ2&t=633053122925312500);}
.ajax__calendar_next {cursor:pointer;width:15px;height:15px;float:right;background-repeat:no-repeat;background-position:50% 50%; background-image:url(WebResource.axd?d=x6lt9HfG5Si8NZjMNt1DLcY6US8hUl3G4muzIFtahMQFZTbwxJ00qsx5N8jeAW90HZemRms4wXOo1BZWTwWtNQ2&t=633053122925312500);}
.ajax__calendar_title {cursor:pointer;font-weight:bold;}
.ajax__calendar_footer {height:15px;}
.ajax__calendar_today {cursor:pointer;padding-top:3px;}
.ajax__calendar_dayname {height:17px;width:17px;text-align:right;padding:0 2px;}
.ajax__calendar_day {height:17px;width:18px;text-align:right;padding:0 2px;cursor:pointer;}
.ajax__calendar_month {height:44px;width:40px;text-align:center;cursor:pointer;overflow:hidden;}
.ajax__calendar_year {height:44px;width:40px;text-align:center;cursor:pointer;overflow:hidden;}
.ajax__calendar .ajax__calendar_container {border:1px solid...

One thing to watch in the two background-image rules: WebResource.axd URLs are generated per application (the d parameter is encrypted with the application's machineKey and t is the assembly timestamp), so copy the selectors but not those URLs. Use the URLs your own application emits, or point background-image at your own arrow images.

Refactoring: Comments

Why do you write comments in your source code? Comments let a developer get away with writing bad code. If you write good code, it is readable without comments. For example, a call such as DrawContent.AfterDivisionBy2(4); already says what it does, so I don't think it needs a comment. So when is it useful to write comments? Comments are useful when you are working on old, bad code that you (or your manager) want to refactor heavily. In any case, I suggest reviewing the code before commenting it.

Security

On my Italian blog I'm posting chapter summaries of SDL: The Security Development Lifecycle. You can find summaries like mine, and better than mine, on the following blogs: .NET Security Blog, The Security Development Lifecycle. I think security is the hottest topic of the new application era, and the more applications are linked to each other (to share data and processes), the more security will be a key point of software development in the...

STRIDE

Determine Threat Types

What is STRIDE? STRIDE is the taxonomy used at Microsoft to classify threats; the letters stand for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege.

Spoofing Identity. Spoofing identity means allowing unprivileged code to use someone else's identity, and hence their security credentials. For example, a driver that relies on some form of password mechanism is exposed to this type of attack. Not all such drivers have security flaws, but they are vulnerable to flaws based on spoofing identity. The designers and implementers of the driver need to evaluate the level of...

Volta

In Microsoft's labs people don't sleep. They are at work on Volta. Volta is: The Volta technology preview is a developer toolset that enables you to build multi-tier web applications by applying familiar techniques and patterns. First, design and build your application as a .NET client application, then assign the portions of the application to run on the server and the client tiers late in the development process. The compiler creates cross-browser JavaScript for the client tier, web services for the server tier, and communication, serialization, synchronization, security, and other boilerplate code to tie the...

Worth keeping in mind when you do that tier assignment: whatever you push to the client tier ends up as JavaScript in the user's browser, so the split is a trust-boundary decision, and any validation or secret that must not be bypassed has to stay on the server tier.