blog.securityps.com
Security PS Blog: Non-Negotiable Elements of a Secure Software Development Process: Part 1 - Security Requirements
http://blog.securityps.com/2013/01/non-negotiable-elements-of-secure.html
Non-Negotiable Elements of a Secure Software Development Process: Part 1 - Security Requirements. Written by Nick Coblentz. In September, I gave a. This is part 1 in a series of articles discussing Non-Negotiable elements of a secure software development process. This article focuses on security requirements. All three articles are listed below: Part 1: Security Requirements. http://blog.securityps.com/2013/01/non-negotiable-elements-of-secure.html. Part 3: Validation Criteria. While this example is p...
blog.securityps.com
Security PS Blog: OAuth Resource Owner Password Credentials Grant Implementation in WebAPI 2
http://blog.securityps.com/2014/06/oauth-resource-owner-password.html
OAuth Resource Owner Password Credentials Grant Implementation in WebAPI 2. Written by Nick Coblentz. Before you dig into the code, I want to stress that I'm not done! I am not a full time developer; I just happen to like writing C# code. That means, I may not have the prettiest, most efficient code. Also, this code may not be secure. I used it to learn with, and yes I considered security requirements while developing it, but I haven't had the chance to review it for security vulnerabilities.
blog.securityps.com
Security PS Blog: December 2012
http://blog.securityps.com/2012_12_01_archive.html
Alternatives to Microsoft's WPL Sanitizer. Written by Nick Coblentz. Formerly the AntiXSS library) was written by Microsoft to help address cross-site scripting vulnerabilities in web applications. There are three parts to this library: The Security Runtime Engine (SRE). Microsoft’s Sanitizer library. Library have both had vulnerabilities (or strange edge cases) in the past despite the fact that they were carefully crafted by intelligent security developers. Part of this problem is that browsers try...
blog.securityps.com
Security PS Blog: Session Fixation & Forms Authentication Token Termination in ASP.NET
http://blog.securityps.com/2013/06/session-fixation-forms-authentication.html
Session Fixation and Forms Authentication Token Termination in ASP.NET. Written by Nick Coblentz. ASP.NET SessionId cookies and forms authentication cookies can be used alone or together to maintain state with a user’s browser. Each cookie works a little bit differently. The ASP.NET SessionId cookie value is an identifier used to look up session variables stored on the server-side; the cookie itself does not contain any data. The forms authentication. ASP.NET SessionId Alone: Session Fixation. This allows ...
kc.issa.org
ISSA KC: 2015 CISSP CBK Overview Course
http://www.kc.issa.org/2015/04/2015-cissp-cbk-overview-course.html
Welcome to ISSA KC. The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA-Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession. 2015 CISSP CBK Overview Course. Wednesday, April 22, 2015. Fees are as follows:
kc.issa.org
ISSA KC: About ISSA Kansas City
http://www.kc.issa.org/p/about-issa-kansas-city_27.html
Welcome to ISSA KC. The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA-Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession. About ISSA Kansas City. Board of Directors - Kansas City. Years He has been in Kans...
kc.issa.org
ISSA KC: July 2015 Chapter Meeting
http://www.kc.issa.org/2015/07/july-2015-chapter-meeting.html
Welcome to ISSA KC. The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA-Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession. July 2015 Chapter Meeting. Thursday, July 9, 2015. What do you hunt? • 12:00 PM ...
kc.issa.org
ISSA KC: July 2015 Chapter Newsletter
http://www.kc.issa.org/2015/07/july-2015-chapter-newsletter.html
Welcome to ISSA KC. The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA-Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession. July 2015 Chapter Newsletter. Monday, July 27, 2015. Thursday, July 21st, 2016.