Alik Levin's
Solution Engineering for Performance & Security
Security Engineering Big Rocks
Lifecycle and prioritization seem like a key to successful implementation of Security Engineering....
Author: Alik Levin Date: 05/07/2007
Security Workshops
This post is inspired by Dave Ladd's Security Education v. Security Training My favorite quote is...
Author: Alik Levin Date: 05/06/2007
ASP.NET Health Monitoring Means Logging And Auditing
I constantly keep seeing ASP.NET developers using log4net for logging and auditing their Web apps....
Author: Alik Levin Date: 05/02/2007
I Do Not Have Time For That
Every creature on that planet has exactly the same 24 hours a day - no more, no less. So what this...
Author: Alik Levin Date: 05/01/2007
.Net Security How To's
patterns & practices Security How To's Index ASP.NET 2.0 Security Questions and Answers Tamper...
Author: Alik Levin Date: 04/30/2007
My Favorite Shortcuts
Using mouse is inefficient and slow - for detailed explanation go here These are my favorite (those...
Author: Alik Levin Date: 04/29/2007
"It's the perfect crime, both low-risk and high-profit"
NYT -...
Author: Alik Levin Date: 04/25/2007
IIS 7 Configuration File - applicationHost.config - Password Management
From my learning of IIS7 I understand that IIS7's metabase is actually XML configuration file very...
Author: Alik Levin Date: 04/24/2007
Reduce Distraction
Focus is the key for me to have things done, although I have my technique to manage my work pipeline...
Author: Alik Levin Date: 04/22/2007
Coincidence?
My life Definitely Changed When I understood that Focus Is The Key, I just realized that Ford, my...
Author: Alik Levin Date: 04/20/2007
Calculate Security Breach Cost Yourself
That is both amazing and amusing (I will leave "why" to myself....) but now CxO does not have to...
Author: Alik Levin Date: 04/19/2007
Security Development Session In The UK
Imagine if security was cool like Silverlight.... But security is not that cool, so the biggest...
Author: Alik Levin Date: 04/18/2007
Adding Shared SNK File In Visual Studio 2005
“Prior to Microsoft Visual C# 2005, you specified the key file using CLR attributes in source code....
Author: Alik Levin Date: 04/16/2007
Live Search Hacking Is Dead
I've used a bit dirty technique to promote Exception Handling as a security countermeasure: This is...
Author: Alik Levin Date: 04/15/2007
Waste No Time For Meeting Summaries
I always do meeting summaries. It keeps track for what/who/when. I do not care to do summaries for...
Author: Alik Levin Date: 04/13/2007
My Pipeline Is My Inbox
I keep seeing folks with thousands emails inside their Inbox... I hardly can get it. Actually I do...
Author: Alik Levin Date: 04/12/2007
Authentication Hub
Windows Authentication Identity Flow Through Physical Tiers Identity Flow Through Physical Tiers -...
Author: Alik Levin Date: 04/11/2007
Identity Flow Through Physical Tiers - Protocol Transition
If these articles: How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0 Using...
Author: Alik Levin Date: 04/10/2007
I Thought Security And ROI Are Nonsense When Used Together
How wrong I was (Security and ROI)!! My basic breakdown was like "OK, ROI is return on investment -...
Author: Alik Levin Date: 04/10/2007
Basic Steps To Make ASP.NET Web Site CardSpace Aware
From short investigation and a lot of information from Richard Turner's screencasts Here is what I...
Author: Alik Levin Date: 04/09/2007
Identity Flow Through Physical Tiers - Delegation
If these articles: How To: Implement Kerberos Delegation for Windows 2000 How To: Use Impersonation...
Author: Alik Levin Date: 04/08/2007
IIS 6.0 Was True Love, New Romance Is About To Begin - IIS 7
I just could not hold it back - it is midnight and I am watching Richard Turner's screencast - New...
Author: Alik Levin Date: 04/07/2007
Identity Flow Through Physical Tiers - Impersonation
There are scenarios where actual windows identity of end user needs to be flowed to the server so...
Author: Alik Levin Date: 04/06/2007
Identity Flow Through Physical Tiers
Identity story with .Net really rocks, but along with great extensibility it also brings a lots of...
Author: Alik Levin Date: 04/05/2007
Who Access My File?
In my post File Access Auditing - I Am Not Afraid Of GPO I've digested technet documentation on how...
Author: Alik Levin Date: 04/03/2007
One Identity - Many Faces :IIdentity
User security context in .Net is abstracted by implementation of IPrincipl and IIdentity interfaces....
Author: Alik Levin Date: 04/02/2007
File Access Auditing - I Am Not Afraid Of GPO
Security logging and auditing mitigates repudiation threat (the "R" in STRIDE, see also Auditing and...
Author: Alik Levin Date: 04/01/2007
Security Code Inspection - Eternal Search For SQL Injection
Here are couple of techniques I used for searching hints of SQL Injections in .Net apps. The basic...
Author: Alik Levin Date: 03/31/2007
Different Ways To Get Hold On Certificates - Net FX 1.1, 2.0
Net FX 1.1: First, one need to export certificate to file (no private keys exported), from...
Author: Alik Levin Date: 03/30/2007
Lifetime Decision is Tomorrow
I am trying hard to post purely technical articles to my blog but today I am overwhelmed with strong...
Author: Alik Levin Date: 03/29/2007
Do Not Get Scared - I Changed My Skin...
I used to have MSDN skin for my blog. I am playing to be less "official" and more "readable". I got...
Author: Alik Levin Date: 03/29/2007
patterns & practices Guidance Explorer - The New Wave
Guidance Explorer is not only very powerful security (and performance) guidance tool - recently it...
Author: Alik Levin Date: 03/28/2007
Performance Testing For The Masses
"FAST is cool, huh" - good friend of mine told me. No doubt. How do I identify the bottleneck with...
Author: Alik Levin Date: 03/28/2007
Performance Gain - Security Risk
Reposted from Performance Gain - Security Risk Good intention for better performance may lead to...
Author: Alik Levin Date: 03/27/2007
Security .Net Code Inspection Using Outlook 2007
In my previous post, Code Inspection - First Look For What To Look For, I've described how to look...
Author: Alik Levin Date: 03/26/2007
XSS? - Do not Make Me Laugh, We Use WinForms
Reposted from XSS? - Do not Make Me Laugh, We Use WinForms I find myself sometimes (actually too...
Author: Alik Levin Date: 03/25/2007
Scriptomania - Scripting Tools and Utilities
From https://www.microsoft.com/technet/scriptcenter/createit.mspx Scriptomatic 2.0 Do-It-Yourself...
Author: Alik Levin Date: 03/23/2007
Security Language That Every One Understands
Although Michael Howard has some arguments about comparing software stuff with physical world I will...
Author: Alik Levin Date: 03/22/2007
Security Deployment Inspection Using Office.
I am a big fun of small time savers to be more productive. JD has the whole category for...
Author: Alik Levin Date: 03/22/2007
VSTS How To's - patterns&practices
It is not about what it does but how to use it (read this to understand the difference Driver's...
Author: Alik Levin Date: 03/21/2007
Code Inspection - First Look For What To Look For
Reposted from Security Code Inspection - First Look For What To Look For for further reuse on this...
Author: Alik Levin Date: 03/20/2007
SecureString Class Two Real Usages And Counting!
SecureString Class "Represents text that should be kept confidential. The text is encrypted for...
Author: Alik Levin Date: 03/19/2007
Good Chance For Canonicalization Attack When Using Path.Combine()
In my previous post, .Net Assembly Spoof Attack, I've described potential DLL hijacking/spoof attack...
Author: Alik Levin Date: 03/15/2007
.Net Assembly Spoof Attack
To be honest I am not sure about the name of such attack, but in the nutshell it is attack where the...
Author: Alik Levin Date: 03/12/2007
How I Create Videos Using Free Tools - Screen And Sound Capture At Once
Please visit landing page for these series How I Create Videos Using Free Tools where I explain the...
Author: Alik Levin Date: 03/10/2007
I Invite You To Rob Me
Is not it usual OOF message we put? "OOF until <<here comes date>> visiting customers in...
Author: Alik Levin Date: 03/09/2007
How I Create Videos Using Free Tools
I've recently been hooked on doing some video stuff for demo purposes. For example in this post I...
Author: Alik Levin Date: 03/06/2007