Friday, December 02, 2005

Review on My Past Posts

It’s amazing to see that I have blogged for more than one year. Some of my posts are about things and lessons that I learned from work and research, but most of them are notes taken while reading articles and books. I recorded things that I found touching and useful. My posts represent my interests at the time when they were posted. Actually, I use my blog as my notebook, and I need to come to my blog quite often to check things. Since I have many posts, now is a good time to group them so that I can check things more efficiently. That’s the purpose of this post.

IIS and ASP.NET security:
Protected Directories in ASP.NET
Protecting Resources in IIS
Accessing Files in IIS 6.0

IIS:
SSL Session Key and Key Pair
Compatibility Issues From IIS 5.0 to IIS 6.0

Enhanced Security Configuration for IE:
IE Enhanced Security Configuration and Smart Clients on SSL
Enhanced Security Configuration for Internet Explorer

SQL Server security:
Phases of SQL Injection
The Main Threats to a Database Server
Some Common SQL Injection Commands
Preventing SQL Injection Attacks
How to Grant Access to SQL Server for the Network service account
Find Other Procedures Using the Same DLL
Some Useful SQL Queries

ASP.NET security:
The Main Threats to a Web Server
How to Create a Service Account for ASP.NET
New Security Features in ASP.NET 2.0
The one-click attack and ViewStateUserKey

ASP.NET:
Web Parts in ASP.NET 2.0
ViewState in ASP.NET 2.0
ViewState in ASP.NET 1.x
Reviewing State Management in ASP.NET
Instrument and Monitor Your ASP.NET Apps Using WMI

ACLs and privileges:
Manipulate Privileges in Managed Code
Access to ACLs with the .NET Framework
Some Basic Facts about Access Control

Encryption:
XML Signatures and Encryption


.NET Framework 2.0 resources:
WinForms 2.0 resources

Version compatibility in .NET:
Upgrade to .NET Framework 2.0
Assembly Binding Redirection
Determining Which Version of the Runtime to Load
Version Compatibility

Smart clients:
Identifying Data Stored on the Client for Smart Clients

.NET CF:
The Challenge with Smart Device Development Using the .NET CF
Mobile Device Supports in Visual Studio 2005
The .NET CF Shipped with Visual Studio 2003

Sockets in .NET:
NegotiateStream
Sockets in .NET
Aborting a TcpListener listening thread
Derived TcpClient classes used on the server side

Reflection:
Improving Reflection Performance
What Reflection APIs Are Slow and What Are Not?

Images and drawing:
How to create a 1-bit-per-pixel image from a true-color image in .NET
Some Basic Facts about GIFs

Web services:
Three ways to consume Amazon Web services in .NET
Consuming Web Services Efficiently
Amazon Simple Queue Service (Beta)

SOA and WSE:
Signed Messages in WSE
Securing Service Oriented Architecture with WSE 2.0

Multithreaded:
Concurrency: What Every Dev Must Know About Multithreaded Apps
Ian Griffiths on UI Thread
BackgroundWorker Component in Windows Forms 2.0

CLR internals:
Method Slot Table and MethodDesc
ObjectInstance
Type Fundamentals
Domains Created by the CLR Bootstrap

Localization:
Thread.CurrentCulture and Thread.CurrentUICulture
CultureInfo.CurrentCulture and CultureInfo.CurrentUICulture
Globalization Features in Whidbey

X.509 Certificates:
Using an X.509 Certificate in WSE 2.0
X.509 Certificates

Logging and event log:
Security Log
Network Service and Event Log
Tampering with Log Files
Richard Grimes on EventLog

Generics:
What Are the Benefits of Generics?
How Are Generics Implemented?
How Are Generics Different from Classic Visual C++ Templates?

VSTS:
Visual Studio 2005 Team System

Windows Vista:
Security in Windows Vista: UAP and NAP Framework

Misc on .NET:
System.DirectoryServices
Constrained Execution Regions in the .NET Framework 2.0
You can't directly change boxed values in an array list
Export ASP.NET Data to Microsoft Office
One Issue on FxCop
All about Statics

Design patterns:
Static Classes in C# 2.0 and Abstract and Sealed Pattern
Abstract and Sealed Pattern in .NET
Bridge Pattern and Abstract Factory Pattern
Bridge Pattern and Strategy Pattern
Some mandates of the design pattern community

Design related:
Emergent Design
Alan Shalloway's Rules
A XP Developer's View Point
Steve McConnell's Comment
XP and design

Debugging:
A SOS Extension Issue in VS 2005 Beta 2
SOS Commands
Some Useful Tools in Production Debugging

Unit tests:
Best Practices for Writing Unit Tests
Benefits of Team Test

Data Execution Prevention (DEP):
An Example of Compatibility Issues with Data Execution Prevention
Data Execution Prevention in XP Service Pack 2

Software security lifecycle:
SD3+C: High-level Principles for Building More Secure Software
Three Facets to Building More Secure Software

Security related coding:
WindowsIdentity.Groups
Thread.CurrentPrincipal in .NET Framework 2.0
How to Handle Exceptions Securely
Keeping Attackers Out of the Control Channel
How to Develop Code as a Non Admin
Where to store data files?
Using the ASP.NET Credentials Management Infrastructure in a Windows Forms Application
Application Development Security Guidance for .NET 2.0

Network security:
A Definition of Network Security
The Defense-in-Depth Model
Keep Security Simple
People+Processes+Technology
System Admin vs. Security Admin
Types of Network Attacks
Emergency Response Process
The Goal of a Security Audit
Accessing and Managing Security Risks

Security policies:
Policy, Process, and Technology
Why a Security Policy Is Necessary
How to Make Users Aware of Securities Policies
Some Policies You Might Need

CIA:
Credentials and Delegation
How to Provide CIA for A Network Connection?
What Does A Network Authentication Protocol Do?

Detection and avoiding detection:
Some Common Ways an Attacker Can Attack IDSs and IPSs
IDSs and IPSs
How Attackers Avoid Detection Post-Intrusion
Some Common Ways Attacks Avoid Detection

Penetration Testing and Vulnerability Scanning:
Difference between Penetration Testing and Vulnerability Scanning
Steps for a Vulnerability Scanning

DNS:
Some Useful nslookup Commands
Types of DNS Zones
Three DNS Server Configuration Roles
How does DNS resolve FQDNs to IP addresses?

IPsec:
Using IPsec for Domain Isolation
Using IPsec to Protect Servers
IPsec over NAT
Notes on IPsec

Misc on network security:
Notes on VPN
Hacking the Windows SMB tutorial
Network Sniffers
Well-known Ports

Misc:
Watching the First XAML Presentation
NTFS Alternate File Streams
Hiding Files on Windows Systems
CodeAsDocumentation by Martin Fowler
The 46 Best-ever Freeware Utilities
Gordon Moore: Software is too complex
Microsoft® Dynamic Systems Initiative
The Philosophy of Profilers
How to get around "right click disabled" on some websites?
Windows XP Service Pack 2
