Larry Ellison's NetSuite, a vendor of on-demand, integrated business management application suites that provide ERP, CRM and e-commerce functionality for small and medium-sized businesses and divisions of large companies, announced SuitePhone, a capability that allows NetSuite customers to run business operations using the Apple iPhone. The new SuitePhone capability provides native support for Safari, the iPhone and Mac browser, allowing NetSuite's advanced, AJAX-based user interface technologies, such as drop-down menus, drag-and-drop portlets, and in-line editing, to be supported. In addition, the ERP, CRM and e-commerce functionality of NetSuite is now also available to Apple users, bringing them an on-demand, integrated business management application designed for the Apple platform. For more information, please visit www.netsuite.com/suitephone
Microsoft has said it will address a security hole in the IE browser by April 11 or sooner. But certain Web security companies have already developed temporary patches until Redmond fixes the problem on its own.
Ping Identity announced the expansion of its PingFederate Integration Kit family to include both Windows Kerberos and Oracle/Oblix COREid. These new Integration Kits join Ping's existing family of adapters for Windows Login, Java and .NET applications, CA eTrust SiteMinder and Salesforce.com in providing turnkey first and last mile integration when configuring PingFederate to deliver Web SSO using SAML 1.x, SAML 2.0 and WS-Federation.
The release of the .NET Framework 2.0 promises to be the first major upgrade to Windows and Web development tools since the initial release of .NET in 2001. In the realm of general networking, some of the major improvements to the Framework include FTP, Ping, packet tracing, and revised SMTP/MIME classes that are not dependent on the Windows SMTP service.
Nowadays it's quite common for us to write server-based applications. These apps differ from desktop applications in many ways - one of the most important of which is how they handle security. For a desktop application, security is easy. The application runs in the security context of the user who loaded it. Whatever the user has rights to, the desktop app has rights to, and nothing more. Server-based applications, on the other hand, run all the time and have their own security context, in addition to others they may impersonate.
Many applications (Web-based applications and forms-based ['smart client'] applications) typically use data stored in a database. While you may have firewalls and other protections established when running your application, your application can still be open to an attacker gaining direct (or indirect) access to information in your database. The most common and dangerous attack technique is to use SQL injection.
Is your data secured? Are you confident that the prying eyes of your competitors can't view sensitive information being stored on or transmitted from your applications? Are you sure that the data you receive from vendors and partners was actually sent by them?
Microsoft yesterday warned customers who use Microsoft Proxy Server 2.0 or Microsoft Internet Security and Acceleration (ISA) Server 2000 about a vulnerability that could allow Internet content spoofing.
BizTalk Server 2004 promises to be an invaluable tool for delivering on the promise of service-oriented architectures (SOAs): the agile enterprise, able to respond quickly to ever-changing business requirements. BizTalk is an enterprise application integration product whose reliance on XSD and XML means it is a natural integration tool for an SOA built from Web services.
Use of XML has become more and more popular over the past few years. Security is a big concern since the content of an XML file is in plain text and the information is in a human-readable form. The World Wide Web Consortium (W3C) has developed standards to meet the security requirements of an XML file conforming to common XML paradigms.
Last month (.NETDJ, Vol. 1, issue 12) we demonstrated a simple technique that allows you to avoid storing passwords in clear text, making your .NET applications more secure and safer should they somehow be compromised. In this article, we want to step back a bit and look at the big picture: application security from end to end.
It's a constant battle! Just when you think you understand security, someone or something reminds you of a whole aspect that you have been ignoring, usually at your peril. No matter how much you planned, prepared, worked, and worried about your plan of attack or defensive position, the job was literally never done!
In the first article in this series, 'Accessing Enterprise Data from SQL Server CE' [.NETDJ, Vol. 1, issue 6], we constructed a solution that allowed us to provide enterprise data access to mobile devices while in a disconnected environment using Visual Studio .NET 2003, the .NET Compact Framework, and SQL Server CE 2.0. Providing mobile users offline access to their enterprise data, along with the ability to propagate changes back to the server, is a powerful addition to any mobile architecture.
Industry analysts have estimated that over 70% of today's security breaches occur at the application level. Many are due to the exploitation of security defects within the code.
One of the most serious flaws of COM and API-based software development is that once you allow a component to run on your system, it has unrestricted permission to do anything. That's why viruses are such a problem - once they are on your system, there is little to protect you from their actions.
Security must be established from the moment application coding begins for the simple reason that the cost of fixing a security flaw grows astronomically as the application evolves.
As the popularity of Web services increases, the security of Web service transactions is becoming a major concern. With a plethora of standards bodies and organizations working on different security standards and technologies for faster adoption of Web services, it is becoming increasingly difficult for Web services publishers and designers to choose the most appropriate security solution for their Web services.
In today's computing environment, creating applications that transfer data between devices on networks has become a necessity for programmers. Fortunately, Microsoft has included several classes in the .NET Framework that make network programming easy. The TcpClient, TcpListener, and NetworkStream classes are popular classes that provide all the functionality necessary to pass data across any network.
Are you aware that you might be shipping your source code with your .NET dll or exe? A new tool included in Microsoft's Visual Studio .NET 2003 can help you make sure that does not happen.
By now you've probably already created your first 'Hello World' application using one of the languages in the .NET Framework such as C# or VB.NET - or perhaps you've even managed VC++.
The .NET Framework allows all kinds of different languages to utilize code written in various other languages and by other vendors. But there's a downside: how do you make sure your code isn't used by unauthorized clients?
Jan. 1, 2000 12:00 AM Reads: 9,969 Replies: 1
There are 8,909 books listed on Amazon.com with the word 'Investing' in the title; there are(!) 27,146 books with the word investment in the title. Without having lo
Reviewers overuse the phrase 'required reading,' but no other description fits the new book 'Ajax Security' (2007, Addison Wesley, 470p). This exhaustive tome from B
BPEL or Business Process Execution Language is an XML and Web standards-based SOA (service-oriented architecture) standard that allows business people to combine ser
Many requirements tools focus on accessibility and convenience features but fail to address fully the main issue that made use case analysis so successful: managing
It's 8:15 in the morning, and as you walk by the main conference room you overhear an animated exchange between the leaders of your IT organization including the dir