Beauty Ain't Necessarily in the Eye of the Beholder

There’s a truism that says, "beauty is in the eye of the beholder." I’m here to tell you that that’s not precisely the case; that the quality of beauty is not subjective. Beauty is clearly definable, and universally understandable. You look at a person, a picture, or a user interface (UI), and you can quickly …


Obfuscation Explained…

Hi Vineet Batta here…. Background: Programs written for .NET are relatively easy to reverse engineer. You can use free tools like Lutz Roeder’s .NET Reflector to load .NET assemblies and view all the code (IL) contained within them. This is not in any way a fault in the design of .NET; it is simply a…


Client-Side Scripting Languages Support in AntiXSS

Anil Chintala here… Recently I was asked a question about client-side scripting language support in the AntiXSS library. Q: Does the AntiXSS library support the client-side JavaScript language? Yes, AntiXSS does provide support for client-side scripting languages like JavaScript and Visual Basic scripting languages. The AntiXSS library provides methods like JavaScriptEncode(…) and VisualBasicScriptEncode(…) for use…


Which ASP.NET Controls Need HTML Encoding?

RV here… Last time we saw some real world XSS examples. This time we will look at which common ASP.NET controls require encoding. Some controls in ASP.NET automatically encode certain properties when rendered, but not all controls do the same. We looked at ASP.NET controls during AntiXss development and here are some common controls…


Trip Report : Day Three of Gartner BPM Conference

Marius here again….. Highlights: On average, 80% of the IT budget goes toward maintenance and only 20% goes to new projects. On top of that, IT budgets keep shrinking year after year. This creates a big challenge in funding large initiatives like BPM. IT projects for cost reduction have been successful in the past, but…


There’s a LOT More to Building Security Software than Software Security

Mark Curphey here….. I often get asked exactly what I do for a living at Microsoft. Many people associate my name with OWASP, my personal blog and software security in general. When I say I am a PUM (Product Unit Manager) and run a team that builds security tools most people understandably assume that we…


Designing Whole Systems

Hi Dennis Groves here…… Recently I was questioned over a comment I made about a USB key being functionally equivalent to a Smart Card in a discussion about BitLocker. I of course understand that they are technically not equivalent. Smart cards have their own operating systems and USB keys don’t. And that is huge;…


How Do you Get from Theoretical Physics to Information Security?

Hi Andreas Fuchsberger here…..and no this is not a new Seinfeld commercial! The much anticipated and televised switch-on of the Large Hadron Collider (LHC) at CERN made me realise again how little we know about life and how much there is still for humanity to explore. It also led me to make a connection between…


Trip Report : Day Two of Gartner BPM Conference

Hi Marius here again with highlights from day 2 of the Gartner BPM conference. Back of the Napkin: You may have heard of the book called The Back of the Napkin: Solving Problems and Selling Ideas with Pictures. It’s one of the latest books creating a buzz in the business community. Dan Roam, the author of…


Trip Report : Day One of Gartner BPM Conference

Marius Grigoriu here…. I am a program manager with CISG and in keeping with good program management it’s straight down to business. Today was the first official day of the Gartner BPM Conference in Washington DC and I am posting daily trip reports. In the Connected Information Security Group we believe that BPM or Business…
