jeffesp

Stories kicked by jeffesp

ASP.NET and the Padding Oracle Attack: Wrap-up (securitythroughabsurdity.com)

submitted by j.monty (1868) 1 year, 8 months ago

Based on the news that was released at the time, it appeared that this vulnerability was just an issue with AES. It turns out that this was false and that this attack works against ANY BLOCK CIPHER, meaning 3DES was also vulnerable. This wrap-up links to some mitigation techniques and also discusses how to protect against padding oracle attacks using Digital Signatures.

3 comments |category: |Views: 338


Vulnerability in .NET AES puts ASP.NET Web Sites at Risk (securitythroughabsurdity.com)

submitted by j.monty (1868) 1 year, 8 months ago

ASP.NET web applications that leverage Forms Authentication, ASP.NET Membership Providers, ASP.NET Role Providers, and/or ViewState encryption are vulnerable to data exposure and potentially tampering. This vulnerability can lead to the .NET MachineKey being discovered by attackers. This post briefly details the issue and provides a simple temporary mitigation technique.

2 comments |category: |Views: 370


Security Vulnerability Analysis for Fiddler (securitythroughabsurdity.com)

submitted by j.monty (1868) 3 years ago

Fiddler Plugins for Site Spider, Fuzzer, XSS/CSRF vulnerability detection, SQL Injection detection, Session Tampering, Information Leakage detection, etc. A ViewState decoder proof-of-concept has been completed. Looking for contributors as well.

add a comment |category: |Views: 42


Security Vulnerability of the Week #1: SQL Injection (securitythroughabsurdity.com)

submitted by j.monty (1868) 3 years, 2 months ago

This article begins a semi-regular series that will explore the most common vulnerabilities and the mind-set of the developers that create them, and also explore how to deal with them. The first post in the series takes a look at the OWASP top number 2 vulnerability, Injection (specifically SQL Injection), which has been a known and solved problem for over 10+ years, yet for some reason, it's still as common as ever.

1 comment |category: |Views: 276


Pocket DnDns Release (securitythroughabsurdity.com)

submitted by j.monty (1868) 3 years, 5 months ago

DnDns, a .NET DNS resolver library completely implemented in managed code, ported to the Compact Framework. Pocket DnDns also comes with a basic GUI application that allows a variety of DNS lookups of various record types from your Compact Framework supported portable devices. Source code is also available under the New BSD License.

add a comment |category: |Views: 4


Asp.Net AJAX Client Side Templated Data Bound Control (gabe19.blogspot.com)

submitted by jeffesp (25) 3 years, 9 months ago

A server control that allows you to specify header, item, and footer templates for a basic data list that will be bound on the client based on either a given web service method, or on a data-source provided client side. The templates are rendered server-side before being passed to the client behavior which allows you to use other server-side controls in the development of the templates.

add a comment |category: |Views: 22


DnSmtp - A .NET SMTP Client Library in C# (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 3 years, 11 months ago

DnSmtp is a fully managed SMTP client library written in C#. It provides two delivery methods - Relay and Direct. In relay delivery mode, it will relay messages through your local SMTP server. In direct delivery mode, it will resolve the MX record of the recipient's email address and connect to the recipient's server directly and drop the mail message.

add a comment |category: |Views: 448


DnDns - A .NET DNS Client Library (Resolver) (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 4 years, 3 months ago

A DNS protocol library written completely in managed code. Supports common DNS record types like A, CNAME, MX, SRV, and more.

2 comments |category: |Views: 284


TableAdapterManager in ADO.NET Orcas (blogs.atgi.com)

submitted by jmbledsoe (460) 5 years ago

A description of the new TableAdapterManager for DataSets in Visual Studio Orcas, as well as a data-access framework that enables similar function now.

add a comment |category: |Views: 60


Implementing SmartCard Authentication with ASP.NET (choosing-a-blog-url-sucks.blogspot.com)

submitted by j.monty (1868) 5 years, 1 month ago

This is my 9-page follow-up article on how to implement non-Active Directory Integrated Smart Card Authentication with ASP.NET using Http Modules.

add a comment |category: |Views: 412


Community Server 2007 Beta 2, Now Available! (weblogs.asp.net)

submitted by thoemmi (340) 5 years, 2 months ago

Rob Howard announces availability of Community Server 2007 Beta 2.

add a comment |category: |Views: 4


Escaping Tables With CSS (johnsbraindump.blogspot.com)

submitted by jmbledsoe (460) 5 years, 5 months ago

While this isn't totally .NET related, I think that the crowd here will be able to relate to this dilemma. We're .NET developers who do HTML and CSS, and this is a common problem that we've all run into.

add a comment |category: |Views: 9


The Case for Emacs (derekslager.com)

submitted by derekslager (420) 5 years, 5 months ago

Why gaining proficiency in Emacs can make you a better, more versatile developer.

add a comment |category: |Views: 2


Finding the Current and Last Page Numbers of a Crystal Report in ASP. (johnsbraindump.blogspot.com)

submitted by jmbledsoe (460) 5 years, 11 months ago

I had the hardest time finding a good and relatively efficient way to do this, so when I found it, I wanted to share it with everyone. Read on if you've run into this problem before.

add a comment |category: |Views: 1


Wilco.SyntaxHighlighter: must download control (pheedo.com)

submitted by kaschimer (170) 5 years, 11 months ago

Free source code for a SyntaxHighlighter. Worth taking a look for sure, and possibly even downloading and using.

add a comment |category: |Views: 59


TDD By Example - Money (jpboodhoo.com)

submitted by bitwisejp (1040) 6 years ago

Learn how to use TDD to drive out a simple scenario. Creating a custom type to encapsulate money. If you find yourself using decimals a lot to represent money in your application, then get started building a first-class type that encapsulates the rules for you. In the process, learn how using TDD can help you drive out the functionality in small testable pieces.

1 comment |category: |Views: 594
