Fady

Stories submitted by Fady

SQL Injection through cookies (barmagy.com)

submitted by FadyFady(275) 4 years, 1 month ago

Through my career as a developer I've seen many developers who are not aware of the possibility of SQL injection through cookies. A cookie is in fact user input and, like any input, it must be validated; just because normal users don't see cookies doesn't mean attackers won't tamper with them.


Facebook XSS Vulnerability (today I was taking a look at the Facebook AJAX JavaScript that is responsible for giving suggestions in the search text box you find under the Facebook logo on the left)

submitted by FadyFady(275) 4 years, 1 month ago

A Facebook XSS security vulnerability that might enable hackers to obtain your friends list when you simply visit a web site containing some AJAX code that makes requests on your behalf.


Catch hackers red-handed using HTTP modules (barmagy.com)

submitted by FadyFady(275) 4 years, 1 month ago

Here is a nice trick to help you detect hackers in action while they are trying to hack your web applications. The idea is very simple: we want to set up a layer between your application and the internet to watch the web traffic for anything suspicious. These suspicious things might be a query string that contains an XSS script or a SQL injection query. So we will monitor the web traffic passing through that layer for the well-known and common attack patterns that most hackers use to scan your web applications for vulnerabilities. We will use HTTP modules to implement that layer; here is some dirty code to demonstrate the idea.


The most common software security mistakes (barmagy.com)

submitted by FadyFady(275) 4 years, 5 months ago

Through my humble experience with software development I've seen developers making fatal security mistakes without even feeling that they are doing something wrong. So I've decided to gather these common mistakes in a list so they would be easier to avoid. Throughout this article I will give examples regardless of the technology used, but the concepts apply to all technologies. So here we go.


Anti XSS AJAX (barmagy.com)

submitted by FadyFady(275) 4 years, 5 months ago

XSS has become a problem that most web developers still suffer from to this day, simply because however hard you try to validate every user input, it only takes a single line of code that prints out the user input without validation to render your whole application vulnerable to XSS attacks.


alert("XSS") (barmagy.com)

submitted by FadyFady(275) 4 years, 5 months ago

XSS? What is XSS? Well, to cut it short, XSS is the abbreviation of Cross Site Scripting, but the C has been replaced with X because CSS already means Cascaded Style Sheets, plus XSS is a much cooler name ;) So what is XSS again?


Let's talk pure ajax (barmagy.com)

submitted by FadyFady(275) 4 years, 6 months ago

Hello guys, today I'm going to talk about ajax, but let's first explain the strange expression in this article's title, "pure ajax". Actually it's an expression that I've come up with after several different incidents that convinced me to use it to differentiate between ajax and what people call ajax as a misconception. So the first question that would pop up is: what is ajax in the first place? Of course, I assume lots of us know that the acronym ajax stands for Asynchronous JavaScript and XML, but let's explain this a little further. XML here means that we would transmit data in the XML format, but what about the asynchronous JavaScript? Is it a new type of JavaScript that came out after the web 2.0 hype? Yes? Actually the answer is no. I've passed by several individuals who think that ajax came "after" the so-called web 2.0 hype, and they didn't believe me when I told them no, ajax programming techniques were already there, covered with dust, far before even the expression web 2.0 was invented. Actually the expression asynchronous JavaScript is all about an object called XMLHttpRequest, which allows JavaScript to send a GET or a POST request to a web server through the HTTP protocol asynchronously or synchronously.....


Don't rely on obfuscation (barmagy.com)

submitted by FadyFady(275) 4 years, 6 months ago

A white paper demonstrating the weaknesses of the known protection techniques based on managed code obfuscation.
