Automating Code Review for Common ASP.NET Performance & Security Anti-Patterns

In this post I will share with you how to automate code review when searching MSIL for common performance and security anti-patterns. Scenario: You are an application performance/security consultant who’s been asked to review a large application for common security and performance anti-patterns. You are given no time and no source code. What you are…

Security Code Review – Use Visual Studio Bookmarks To Capture Security Findings

How to streamline the process of capturing security flaws during security code review? How to save time and avoid switching between the tools? How to stay focused? In this post I will show my simple technique to capture security flaws using Bookmarks in Visual Studio. Create bookmark folders. Hit Ctrl + K and then Ctrl…

Use DIR Command To Generate List Of Files And Store It In File

DIR /S /B /A:-D. I use a simple DIR command to generate file lists. It serves me in many scenarios. For example, I use it to generate a .Net assemblies list when I conduct a preliminary scan as part of the code inspection process. Here are the explanations of the switches: /S – search subfolders /B – bare…

XSSDetect Public Beta now Available!

XSSDetect public beta is now available for download on MSDN. Overview XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It…

Visual Studio 2005 As General Code Search Tool

Visual Studio 2005 has powerful search capabilities. One of my favorites is “Find in Files”. Just hit Ctrl+Shift+F (more shortcuts – My Favorite Shortcuts). Essentially it uses the FindStr utility that sits in the System32 folder and comes for free with the Windows OS. FindStr is a command line utility, and those who like typing would prefer…

Security Code Inspection – Eternal Search For SQL Injection

Here are a couple of techniques I used for searching for hints of SQL injection in .Net apps. The basic approach is described here: http://msdn2.microsoft.com/en-us/library/ms998399.aspx. It is basically split into two major parts – the preliminary scan and the detailed scan. The keyword is hotspot – find a hotspot and investigate it accordingly. A hotspot can be something around SQL injection…

Performance Gain – Security Risk

Reposted from Performance Gain – Security Risk. Good intentions for better performance may lead to a flawed design and bring in more security risks. Consider the following ASPX page: Here is why it cannot be accessed: When trying to navigate there you get: Great, love URL authorization!! Now let’s examine another ASPX page: When navigating to…

Security .Net Code Inspection Using Outlook 2007

In my previous post, Code Inspection – First Look For What To Look For, I’ve described how to look for sensitive data and hints in the compiled assemblies. The other challenge I was looking to solve is boosting my productivity. So with a little magic of scripting (more magic here: Scriptomania – Scripting Tools and Utilities)…

Code Inspection – First Look For What To Look For

Reposted from Security Code Inspection – First Look For What To Look For, for further reuse on this blog. I found it extremely productive to first look for strings in the code. But what strings to look for? And how to look for the strings? Looking into the source files? My good friend FindStr is of…

Good Chance For Canonicalization Attack When Using Path.Combine()

In my previous post, .Net Assembly Spoof Attack, I’ve described a potential DLL hijacking/spoof attack when using reflection for dynamically loaded assemblies. Today I was reviewing a project where I stumbled on exactly such a case. One thing that caught my eye was that the path to the reflected DLL, the one to be loaded dynamically, was built like…
