
Articles in the Uncategorized Category

Uncategorized »

[24 Feb 2014 | No Comment | ]

An SNK (Strong Name Key) is digital proof of a .NET assembly's origin; normally it proves that the assembly belongs to your company. If it's important for you to be sure that your customers are using your assemblies and that the assemblies have not been replaced by rogue ones, consider signing your assemblies with an SNK. More benefits of SNK are discussed in Strong-Named Assemblies.
If you sign your assemblies with an SNK, you need to validate that they are all signed before you ship. If you ship only a few assemblies, then manually running the sn.exe tool is reasonable. But if …

Uncategorized »

[24 Feb 2014 | No Comment | ]

Authenticode digital signatures provide a means of verifying the code's origins. When you ship your production files, consider signing them with Authenticode, even those .NET assemblies that you have already signed with an SNK (Strong Name Key, more on SNK here). Digital signatures such as Authenticode and SNK help mitigate attacks in which legitimate files are replaced with rogue files.
Below is a PowerShell script that scans a provided folder and its subfolders and verifies that files of the specified types have a valid Authenticode signature. The output of the script is a list of files and their Authenticode signature status …

Uncategorized »

[24 Feb 2014 | No Comment | ]

When you ship your software, you want to make sure the binaries have the proper copyright attributes set.
Below is a PowerShell script that extracts the file copyright attribute. Hat tip to June (@juneb_get_help) who helped me with it.
To verify the files' copyright attribute:

Copy and paste the script into Notepad and save it with a ps1 extension.
Open a PowerShell console, drag the ps1 file into it, and press Enter.
Review the output for files without a copyright or with the wrong copyright.

Alternatively (recommended for a very large number of files):

Open a PowerShell console and drag the file into it.
Redirect output …

Uncategorized »

[24 Feb 2014 | No Comment | ]

Applying agile development practices to security gains all the benefits (and challenges too) that come with agile. Namely, these are the ability to build a manageable backlog of work items, to deliver working software incrementally in the context of security, to quickly prioritize and deprioritize what is kept on the hot plate and what is not, and, of course, to effectively manage the testability of different security aspects in a holistic fashion. There is more, but these are my favorite.
In this post I will share with you how I build my …

Uncategorized »

[24 Feb 2014 | No Comment | ]

Did you know that, by default, the commands and the data are sent to and from SQL Server in clear text? Curious what's going over the wire between your app and SQL Server? Want to investigate SQL Server performance issues? You can do that using Microsoft Network Monitor, or Netmon.
To get started with monitoring SQL Server traffic, or TDS traffic, you first need to download and install the following:

Download and install Netmon:

http://www.microsoft.com/en-us/download/details.aspx?id=4865

Download and install Parsers:

https://connect.microsoft.com/site216/Downloads/DownloadDetails.aspx?DownloadID=47172

Download and install SQL Parser:

https://connect.microsoft.com/site216/Downloads/DownloadDetails.aspx?DownloadID=47169

FYI: Parsers page on Connect:

https://connect.microsoft.com/site216/Network%20Monitor%20Parsers

To capture and analyze TDS traffic using Netmon:

Run Netmon on …