Robr

Stories kicked by Robr

Finding SQL Injection with Scrawlr (communities.hp.com)

submitted by Robr (190) 3 years, 10 months ago

Microsoft worked with the HP Web Security Research group to release the Scrawlr tool. The tool will crawl a website, simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. This will allow an IT/DB admin to easily find vulnerabilities similar to the ones that have been used to compromise sites in recent attacks. No source code is required to run this tool. From a starting URL, the tool recursively crawls that URL in order to build up a site tree that will then be analyzed for SQL injection vulnerabilities.

Views: 19

tags: another
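The crawl-then-probe approach the Scrawlr blurb describes, as an added illustration (this is not Scrawlr's code and not the HP/Microsoft post's). The target site, its two vulnerable handlers and the `http://target.example/` start URL are all constructed in-memory with SQLite so the example runs offline; the error signatures and probe strings are assumptions, chosen to show the two checks a parameter scanner of this kind relies on.

```python
import re
import sqlite3
import urllib.parse

# Constructed stand-in for a target site (no network, not Scrawlr's own code):
# an index page linking to a product page whose "id" is concatenated into SQL
# and leaks the database error, and a search page whose "q" is concatenated
# into SQL but whose errors are swallowed, so only a blind probe can see it.
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE products (id INTEGER, name TEXT)")
_db.executemany("INSERT INTO products VALUES (?, ?)", [(1, "anvil"), (2, "rocket")])

def fake_fetch(url):
    """Pretend HTTP GET against the constructed site; returns the page body."""
    parts = urllib.parse.urlsplit(url)
    qs = urllib.parse.parse_qs(parts.query)
    if parts.path in ("", "/"):
        return ('<a href="/product?id=1&lang=en">anvil</a> '
                '<a href="/search?q=anvil">search</a> <a href="/about">about</a>')
    if parts.path == "/about":
        return '<p>About us</p> <a href="/">home</a>'
    if parts.path == "/search":
        q = qs.get("q", [""])[0]
        try:   # vulnerable: string context, error hidden from the client
            rows = _db.execute("SELECT name FROM products WHERE name = '" + q + "'").fetchall()
        except sqlite3.Error:
            rows = []
        return "<ul>%s</ul>" % "".join("<li>%s</li>" % r[0] for r in rows) if rows else "<p>no results</p>"
    pid, lang = qs.get("id", ["1"])[0], qs.get("lang", ["en"])[0]
    try:       # vulnerable: numeric context, error echoed to the client
        rows = _db.execute("SELECT name FROM products WHERE id = " + pid).fetchall()
    except sqlite3.Error as exc:
        return "<p>Database error: %s</p>" % exc
    names = ", ".join(r[0] for r in rows) or "no such product"
    return "<body lang='%s'>%s</body>" % (lang, names)   # lang only reflected, never in SQL

_HREF = re.compile(r'href="([^"]+)"')

def crawl(start_url, fetch, limit=50):
    """Breadth-first crawl of same-host links; returns the URLs in discovery order."""
    host = urllib.parse.urlsplit(start_url).netloc
    seen, queue = [], [start_url]
    while queue and len(seen) < limit:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.append(url)
        for href in _HREF.findall(fetch(url)):
            link = urllib.parse.urljoin(url, href)
            if urllib.parse.urlsplit(link).netloc == host and link not in seen:
                queue.append(link)
    return seen

# Assumed signatures and probes; a real scanner carries a much longer list.
_ERROR_SIGNS = ("Database error", "SQL syntax", "unrecognized token", "ORA-", "ODBC")
_BOOLEAN_PAIRS = (("%s AND 1=1", "%s AND 1=2"),            # numeric context
                  ("%s' AND '1'='1", "%s' AND '1'='2"))    # string context

def _with_param(url, name, value):
    """Return url with query parameter `name` replaced by `value` (re-encoded)."""
    parts = urllib.parse.urlsplit(url)
    params = [(k, value if k == name else v)
              for k, v in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(params)))

def scan_url(url, fetch):
    """Probe each query parameter of one URL; returns [(param, technique), ...]."""
    findings, baseline = [], fetch(url)
    for name, value in urllib.parse.parse_qsl(urllib.parse.urlsplit(url).query, keep_blank_values=True):
        # error-based: a stray quote breaks the statement and the page says so
        page = fetch(_with_param(url, name, value + "'"))
        if any(s in page and s not in baseline for s in _ERROR_SIGNS):
            findings.append((name, "error-based"))
            continue
        # boolean-based (blind): a true condition must leave the page identical to
        # the baseline and a false one must change it; a parameter that is merely
        # reflected in the HTML fails the first half and is not reported.
        for true_t, false_t in _BOOLEAN_PAIRS:
            if (fetch(_with_param(url, name, true_t % value)) == baseline
                    and fetch(_with_param(url, name, false_t % value)) != baseline):
                findings.append((name, "boolean-based"))
                break
    return findings

def scan_site(start_url, fetch=fake_fetch):
    """Crawl from start_url, then test every parameter of every URL that has a query."""
    results = {}
    for url in crawl(start_url, fetch):
        if urllib.parse.urlsplit(url).query:
            hits = scan_url(url, fetch)
            if hits:
                results[url] = hits
    return results

if __name__ == "__main__":
    for url, hits in scan_site("http://target.example/").items():
        for param, how in hits:
            print("%s  parameter %r  (%s)" % (url, param, how))
```

Run against the constructed site, the product page's `id` is reported from the leaked error and the search page's `q` only from the blind true/false comparison; the reflected `lang` parameter is correctly left alone because the "true" probe changes the page. Swapping `fake_fetch` for a real HTTP GET is the only change needed to point this at a test instance you are authorised to scan.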

Hybrid Analysis - The Answer to Static Code Analysis Shortcomings (portal.spidynamics.com)

submitted by Robr (190) 4 years ago

Follow-up post to "Static Code Analysis Failures" and introduction to the concept of Hybrid Analysis.

Views: 12

tags: another

Static Code Analysis Failures (portal.spidynamics.com)

submitted by Robr (190) 4 years ago

Static code analysis failures are costing enterprises money and reputation. White-box security testing is inherently a flawed proposition for many reasons, but it all comes down to a very simple concept: Machines do not execute source code, they execute machine code (compiled code).

Views: 8

tags: another

Official BlogEngine.NET Security Patch (dotnetblogengine.net)

submitted by rimsystems (6119) 4 years, 1 month ago

Over the weekend, we were alerted to a security flaw in BlogEngine.NET 1.3.0.0. We have created a new release 1.3.1.0 which corrects this issue and are making a patch available here for users running 1.3.0.0. For those people running a development version of BlogEngine.NET (from the source tab on CodePlex), please note that the latest release 1.3.0.29 has the security fix as well.

4 comments | Views: 4

tags: another

In "cyberspace"... no one can hear your database scream (portal.spidynamics.com)

submitted by Robr (190) 4 years, 1 month ago

It's 2:34am, local time. You're snoring up a storm after a hard day at the office. You've patched all your servers, your lockdown scripts have been verified, and your IDS is humming along perfectly. Oh, and by the way, someone named "R0kk1t" just stole your customer database. A quick check of the "Security Dashboard" when you get in at 8:00am will show everything is green... You have a serious problem.

Views: 0

tags: another

OWASP Enterprise Security API (code.google.com)

submitted by Robr (190) 4 years, 1 month ago

The purpose of the ESAPI is to provide a simple interface that provides all the ordinary security functions a developer is likely to need in a clear, consistent, and easy to use way. The ESAPI architecture is very simple, just a collection of classes that encapsulate the key security operations most applications need.

Views: 9

tags: another

Phishing Holes (blogs.msdn.com)

submitted by Robr (190) 4 years, 1 month ago

Preventing phishing in ASP.NET with a SafeRedirect implementation behind Response.Redirect. Calls to SafeRedirect.Redirect will only succeed if the specified URL belongs to a predefined "whitelist" of known good domains specified in the application's configuration file.

Views: 3

tags: another
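The allowlist check behind a SafeRedirect-style wrapper, as an added example in Python rather than the blog post's C#; it is not the post's code. The `is_safe_redirect`/`safe_redirect` names, the `.partner.example` subdomain convention and the test hosts are assumptions. It goes a little beyond the blurb by covering the inputs that defeat a naive "does the string start with my domain" check: scheme-relative `//host`, credentials before an `@`, look-alike hosts, non-HTTP schemes, backslashes and leading control characters.

```python
import urllib.parse

_SAFE_SCHEMES = ("http", "https")

def _host_allowed(host, allowed_hosts):
    """Exact match; an entry written as '.partner.example' also admits its subdomains."""
    for entry in (e.lower() for e in allowed_hosts):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def is_safe_redirect(url, allowed_hosts):
    """True if `url` is a site-relative path or an http(s) URL whose host is allowlisted."""
    # Browsers strip leading/trailing controls and whitespace and treat '\' as '/'
    # before parsing, so such input is rejected outright rather than normalised.
    if not url or any(ord(c) < 0x21 or c == "\\" for c in url):
        return False
    parts = urllib.parse.urlsplit(url)
    if not parts.scheme and not parts.netloc:
        # Site-relative: exactly one leading slash ('//host' is scheme-relative).
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme not in _SAFE_SCHEMES:      # javascript:, data:, '//host', ...
        return False
    host = parts.hostname                      # lowercased; userinfo and port stripped,
    if not host:                               # so 'http://good@evil' yields 'evil'
        return False
    return _host_allowed(host, allowed_hosts)

def safe_redirect(url, allowed_hosts, fallback="/"):
    """Hypothetical Response.Redirect wrapper: returns the target or the fallback."""
    return url if is_safe_redirect(url, allowed_hosts) else fallback

if __name__ == "__main__":
    allowed = ["www.good.example", ".partner.example"]   # constructed allowlist
    for candidate in ("/account/home", "https://www.good.example/login",
                      "//evil.example/", "http://www.good.example@evil.example/",
                      "http://www.good.example.evil.example/", "javascript:alert(1)"):
        print("%-45s -> %s" % (candidate, safe_redirect(candidate, allowed)))
```

Matching on the parsed `hostname` rather than on the raw string is what makes the `user@host` and look-alike-domain cases fall out naturally; the pre-parse rejection of control characters matters because the URL parser in your framework and the one in the browser will not necessarily agree on how to clean them.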

"Security Vulnerability" != "Defect" ; why? (portal.spidynamics.com)

submitted by Robr (190) 4 years, 1 month ago

What is an application defect? How is that different from a security vulnerability? Historically, security vulnerabilities have been in a class all their own. In an attempt to put some urgency to the matter, security professionals have labeled defects in the security of their projects as an entirely different thing than a functional defect.

Views: 1

tags: another

ASP.NET ValidateRequest does not mitigate XSS completely (blogs.msdn.com)

submitted by Robr (190) 4 years, 7 months ago

As a security guy, I can safely say that there is no magic bullet to mitigate any security problems completely, and cross-site scripting (XSS) bugs are not exceptions.

Views: 18

tags: another

The WaterHobo (waterhobo.com)

submitted by Robr (190) 4 years, 7 months ago

Guy built a motion sensing water gun to scare rabbits out of his garden. AForge.NET used. Awesome!

6 comments | Views: 30

tags: another

Top 10 Security Vulnerabilities in Web.config Files Part 1 (spidynamics.com)

submitted by Robr (190) 4 years, 7 months ago

These days, the biggest threat to an organization's network security comes from its public Web site and the Web-based applications found there. Unlike internal-only network services such as databases, which can be sealed off from the outside via firewalls, a public Web site is generally accessible to anyone who wants to view it, making application security an issue.

Views: 8

tags: another

Top 10 Security Vulnerabilities in Web.config Files Part 2 (spidynamics.com)

submitted by Robr (190) 4 years, 7 months ago

Some of the most common and dangerous application security vulnerabilities that exist in ASP.NET Web-based applications come not from the C# or VB.NET code that makes up its pages and service methods, but instead from the XML code that makes up its Web.config files.

Views: 6

tags: another

Mastering GUIDs with Occam's Razor (codinghorror.com)

submitted by Robr (190) 4 years, 7 months ago

Do you love GUIDs?

1 comment | Views: 3

tags: another

Home Automation with Windows Workflow (blogs.msdn.com)

submitted by Robr (190) 4 years, 7 months ago

There are some pretty good Home Automation packages out there on the market. Some of these are made for installers and are thus closed to easy customization by the end user. Then there are packages that are made for hobbyists. These have good core automation systems, and provide some add-in points for customization.

Views: 50

tags: another

Implement Yahoo's YSlow in your Asp.net pages (geekswithblogs.net)

submitted by kazimanzurrashid (3965) 4 years, 9 months ago

Enhanced version of Combining Multiple JS and CSS files into one. Now supports Compression, Minifier for JS and CSS files.

Views: 45

tags: another

The Least You Need to Know about C# 3.0 (Beta 2 Edition) (blogs.msdn.com)

submitted by Coldduck9 (470) 4 years, 10 months ago

A lot of people (myself included) have written about LINQ in the next version of C#. LINQ is indeed an empowering technology. However, even without LINQ, C# 3.0 would be a compelling upgrade. Now that Beta2 is publicly available, here's my personal list of the most useful features in the next release.

Views: 2

tags: another