gabe19

Stories kicked by gabe19

ASP.NET and the Padding Oracle Attack: Wrap-up (securitythroughabsurdity.com)

submitted by j.monty (1868) 1 year, 8 months ago

Based on the news that was released at the time, it appeared that this vulnerability was just an issue with AES. It turns out that this was false and that this attack works against ANY BLOCK CIPHER, meaning 3DES was also vulnerable. This wrap-up links to some mitigation techniques and also discusses how to protect against padding oracle attacks using Digital Signatures.


Vulnerability in .NET AES puts ASP.NET Web Sites at Risk (securitythroughabsurdity.com)

submitted by j.monty (1868) 1 year, 8 months ago

ASP.NET web applications that leverage Forms Authentication, ASP.NET Membership Providers, ASP.NET Role Providers, and/or ViewState encryption are vulnerable to data exposure and potentially tampering. This vulnerability can lead to the .NET MachineKey being discovered by attackers. This post briefly details the issue and provides a simple temporary mitigation technique.


Smart Card Authentication Module Update - added Support for Membership (securitythroughabsurdity.com)

submitted by j.monty (1868) 2 years ago

This is a follow-on update on how to implement non-Active Directory Integrated Smart Card / Client Certificate Authentication with ASP.NET using Http Modules. This long overdue version adds support for ASP.NET Membership, Roles, and Profiles.


Session Attacks and ASP.NET - Part 2 (blogs.sans.org)

submitted by j.monty (1868) 2 years, 11 months ago

In Session Attacks and ASP.NET - Part 1, I introduced one type of attack against the session called Session Fixation as well as ASP.NET's session architecture and authentication architecture. In this second post, I'll delve into a couple specific attack scenarios, cover risk reduction, and countermeasures specific to ASP.NET for protecting against session attacks in ASP.NET.


Security Vulnerability Analysis for Fiddler (securitythroughabsurdity.com)

submitted by j.monty (1868) 3 years ago

Fiddler Plugins for Site Spider, Fuzzer, XSS/CSRF vulnerability detection, SQL Injection detection, Session Tampering, Information Leakage detection, etc. A ViewState decoder proof-of-concept has been completed. Looking for contributors as well.


A Localization Handler to serve ASP.NET Resources to JavaScript (west-wind.com)

submitted by rstrahl (7226) 3 years, 1 month ago

Here's an implementation of an HTTP handler that can serve ASP.NET Server resources to JavaScript clients easily. The handler can provide both local and global, normalized server resources to client JavaScript pages as objects, so that you can localize resources in one place on the server. Use standard Resx resources or custom database resource provider from the Westwind.Globalization tools (included in the download).


Debugging MOSS 2007 Web Parts (blogs.atgi.com)

submitted by gabe19 (43) 3 years, 6 months ago

Helpful little tip for debugging SharePoint web parts. Great time saver.


Asp.Net AJAX Client Side Templated Data Bound Control (gabe19.blogspot.com)

submitted by jeffesp (25) 3 years, 9 months ago

A server control that allows you to specify header, item, and footer templates for a basic data list that will be bound on the client based on either a given web service method, or on a data-source provided client side. The templates are rendered server-side before being passed to the client behavior which allows you to use other server-side controls in the development of the templates.


DnDns - A .NET DNS Client Library (Resolver) (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 4 years, 3 months ago

A DNS protocol library written completely in managed code. Supports common DNS record types like A, CNAME, MX, SRV, and more.


TableAdapterManager in ADO.NET Orcas (blogs.atgi.com)

submitted by jmbledsoe (460) 5 years ago

A description of the new TableAdapterManager for DataSets in Visual Studio Orcas, as well as a data-access framework that enables similar function now.


Implementing SmartCard Authentication with ASP.NET (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 5 years, 1 month ago

This is my 9-page follow-up article on how to implement non-Active Directory Integrated Smart Card Authentication with ASP.NET using Http Modules.


Evil Variable Init in VB.net (johnsbraindump.blogspot.com)

submitted by gabe19 (43) 5 years, 9 months ago

Explanation of evil vb.net problem in using block scoped variables.


Hydrus DataSetToolkit Application (hydrussoftware.com)

submitted by j.monty (1868) 6 years ago

With the DataSetToolkit you can interact dynamically with your application datasource without ever writing a single SQL query. The DataSetToolkit includes a unique command generator which inspects your DataSet to generate dynamic select queries. You can customize any query via included WhereConstraint objects, or extend the object model to create your own. With the DataSetToolkit you also no longer need to maintain a DataAdapter for every table, but can use the MultiTableDataAdapter to fill or update any table in your DataSet. You choose the DBMS provider, and the DataSetToolkit does the rest.
