MVC Routing Security Hole(squaredroot.com)

submitted by TroyMG(2670) 3 years, 7 months ago

Stephen Walther's latest MVC tip introduced me to the MVC framework's ability to pass server variables into actions as parameters. Unfortunately using this feature is a very bad idea and could jeopardize the security of your application. Take a look at a code sample you might find surprising. read more...

add a comment |category: ASP.NET |Views: 238

tags: hacking mvc.net TroyGoode ASPNETMVC 3.5 another

Hands-on SQL Injection(duartes.org)

submitted by gustavod(775) 3 years, 11 months ago

Explains SQL Injections, lets you perform a SQL injection against a live database, and explains how to mitigate the problem. If you are trying to get someone to write injection-proof code, I hope this will motivate them :) read more...

add a comment |category: Security |Views: 7

tags: hacking Security Database another