HelloSecureWorld.com Launched

Discover the New HelloSecureWorld Security Resource. www.HelloSecureWorld.com provides a powerful experience for promoting security awareness and education in the developer community by surfacing existing content as well as new. If you like learning while having FUN, then hellosecureworld.com is the resource for you. It brings non-traditional ways to provide security awareness and education among the developer community – Virtual…


First Line of Defense for Web Applications – Conclusion

Platform features for validating input in .NET Framework. There are many platform features which should be leveraged wherever possible. Some of the key validation features supported by the .NET Framework are given below: ValidateRequest: ASP.NET performs request validation against query-string and form variables as well as cookie values. By default, if the current Request contains…


First Line of Defense for Web Applications – Part 5

First of all folks, my apologies for this delayed post. I have been traveling and busy doing a very interesting Threat Modeling exercise. But I am back, and let's cover some other validation bloopers – SQL injection. Weak Validation Examples, Code Snippets: a) Replacing single quotes with double quotes. Sample.aspx.cs: catergoryID=Request.QueryString(id); SqlCommand myCommand = new SqlCommand(“SELECT *…


First Line of Defense for Web Applications – Part 4

I am on a red-eye flight back to Seattle from Dulles, VA, where I just finished delivering some security training. Traveling back in time, jet-lagged, not able to sleep, so I thought of finishing my blog post for this week to kill some time. 🙂 Ok, so now that we have discussed the…


First Line of Defense for Web Applications – Part 3

Precaution: Are you consuming Unexpected Input? Technology is developing fast and web programming languages are coming up with features or ways to ease the job of our developers. Although this brings a smile to developers' faces, there is a flip side to it. Attackers are exploiting these shortcuts to pass unexpected input to applications…


Weekend Security Reading Round up Links 10/27/07

Microsoft Research Reveals New Trends in Cybercrime. This is well worth reading if you’re in Info Sec… I particularly was nodding my head violently yes when I read the following: "The research indicates there are tensions within organizations over how data should be managed. Security and privacy professionals see customer data as an asset to…


Some technical details on how XSSDetect does Dataflow Analysis

Hi, my name is Hassan Khan. I work for the ACE Engineering Team, which is a part of the ACE (Application Consulting & Engineering) Team. We develop tools and solutions to help secure Microsoft Line of Business applications and websites, and also work with Microsoft’s enterprise customers. ACE Engineering is also responsible for developing and delivering…


First Line of Defense for Web Applications – Part 2

Hello everyone, as promised I am back with the next post in the input validation series for web applications. Knowledge is power, right :). Knowing what to validate when you start your web project can save you a lot of headache down the road. So here are some of the most important aspects on…


Weekend Security Reading Round up Links – 10/20/07

Inside the Matrix for Mobiles. A pretty interesting concept: hack together a platform for connecting the innards of over one hundred different types of cell phones and then connect them to servers, allowing virtual access for testing purposes over the Internet. Nigerian Space Program Isn’t a 419 Scam. No, really. Eric Traut talks (and demos)…


First Line of Defense for Web Applications – Part 1

Hi folks, I am Anmol Malhotra and I work with the ACE Services Team as a security consultant. There are lots of security principles which one should be aware of while developing software, but at the heart of any secure application there should be a first line of defense – and the mother of all defenses…
