RSSComputers / Programming / Mobiles (73)

11-08-2016 Write arabic script shortcut, presentation in MsOffice and HTML
21-06-2014 Meet the Pakistani who is reinventing the Internet. Well kind of...
19-02-2014 Collection of e-Books and Articles on Microsoft Technologies
26-03-2013 Restore SharePoint backup from earlier to later version - Your backup is from a different version of Microsoft SharePoint Foundation and cannot be restored to a server running the current version
21-12-2012 Air bags for electronics devices
08-11-2012 Recursive Query Parent Child Concatenation
25-04-2012 Change or remove filter / filter content from Sharepoint list / library view columns
23-02-2012 Pakistani IT experts win international cyber drill
26-12-2011 Installing XP on computer with SATA hard drive
20-04-2011 Sigin as different user in asp.net using Windows authentication
26-01-2011 Powershell CmdLets
30-05-2010 Update Statistics - Query to find tables and index number of statistics being old
15-04-2010 Detail Error Message for ASP.NET at Web Hosting / Production server
15-03-2010 Passing encrypted data between JavaScript and C#
12-02-2010 Sharepoint - SPWeb.Groups Vs SPWeb.SiteGroups
28-01-2010 Accessing JD Edwards Data on iSeries or AS/400 from a ASP.NET / SQL Encoding / Error problem
28-01-2010 Controls not functional after Export to Excel or Export to PDF of Telerik in Sharepoint Application page
05-10-2009 ASP.NET Cannot open log for source {0}. You may not have write access. - Access is denied
03-09-2009 Turn off Reading pane / Auto Preview for all folders in Outlook
28-08-2009 CRM - The SELECT permission was denied on the object 'BuildVersion', database 'MicrosoftCRM_MSCRM', schema 'dbo'
25-08-2009 CRM - No authority could be contacted for authentication (Report Server)
22-08-2009 CRM - Retrieve Cultures information from CRM into your Custom Web Application
21-08-2009 CRM - Globalization / Localization in Custom Web Application
19-08-2009 CRM - Do you want to save this file? Blank.aspx?
18-08-2009 CRM Exception - Microsoft.Crm Application.Platform.Report. InternalCreate(String xml)
18-08-2009 CRM Exception - Microsoft.Crm.Reporting SRSReport.convertDataSource()
03-08-2009 Locale ID (LCID) Chart
24-06-2009 Oracle SQL Developer - Unable to create an instance of the Java Virtual Machine
17-06-2009 Busy at work
17-06-2009 Boss Menu
10-04-2009 Facebook Privacy Setting - Applications
18-03-2009 For a Software House
27-01-2009 Clock ticking on worm attack code
27-01-2009 Detecting Idle time or Inactivity in Windows Forms
27-01-2009 Values of Windows API
23-01-2009 PasswordChar and Set focus on page load for ToolStripTextBox
21-01-2009 Capture Form Close Event
21-01-2009 Richtextbox or multiline textbox and AcceptButton to handle Enter or Tab key press
21-01-2009 Key Combination shortcuts in C# Windows Form
01-01-2009 Application Architecture Guide 2 patterns and practices
01-01-2009 Convert string to hexadecimal and hexadecimal to string
31-12-2008 Implementing Transaction in Stored Procedure
31-12-2008 Implementing Transaction in .NET
25-12-2008 Linux environment in Windows
11-12-2008 Facebook Privacy Setting
27-11-2008 Pakistani group hacks Indian websites - Cyber Attack
26-10-2008 Designations...funny!
16-10-2008 Securing Your ASP.NET Web Applications
15-10-2008 Software blocks car phone users
07-10-2008 Too much in technology!
14-09-2008 Logo Evolution
13-09-2008 Difference between .NET 2.0/3.0/3.5
03-09-2008 Google launches internet browser
27-08-2008 Excel Shortcuts
16-07-2008 Quantum information technology - Enigma variations
04-07-2008 Dead Lock - Boss and Secratory
04-07-2008 Web Service Security using SOAP Extension
24-06-2008 General Web Security Consideration
24-06-2008 ASP.NET Forms Authentication
20-06-2008 Find rowcount, columncount, table size in Sql Server Database
20-06-2008 Developers
19-06-2008 Windows Shortcuts
18-06-2008 Number of Microsoft Certified Professionals Worldwide
16-06-2008 Types of developers
22-05-2008 documentary on Google
12-05-2008 Moonlight (Silverlight for Linux)
24-04-2008 Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks
01-04-2008 Health, Calculator , Units Conversion All in One. Very useful to all
28-02-2008 General Motors vs. Bill Gates
16-02-2008 Stealth Deployment
14-02-2008 Resignation letter of a Software Employee
12-02-2008 Development
05-05-2007 Knowledge
Thu 24 Apr 2008

Would be old one but just a refreshing

 

Contents

What ASP.NET Developers Should Always Do
Where the Threats Come From
ViewStateUserKey
Cookies and Authentication
Session Hijacking
EnableViewStateMac
ValidateRequest
Database Perspective
Hidden Fields
E-mails and Spam
Summary
Related Resources

What ASP.NET Developers Should Always Do

If you're reading this article, you probably don't need to be lectured about the growing importance of security in Web applications. You're likely looking for some practical advice on how to implement security in ASP.NET applications. The bad news is that no development platform—including ASP.NET—can guarantee you'll be writing 100-percent secure code once you adopt it—who tells that, just lies. The good news, as far as ASP.NET is concerned, is that ASP.NET, especially version 1.1 and the coming version 2.0, integrates a number of built-in defensive barriers, ready to use.

The application of all these features alone is not sufficient to protect a Web application against all possible and foreseeable attacks. However, combined with other defensive techniques and security strategies, the built-in ASP.NET features form a powerful toolkit to help ensure that applications operate in a secure environment.

Web security is the sum of various factors and the result of a strategy that goes well beyond the boundaries of the individual application to involve database administration, network configuration, and also social engineering and phishing.

The goal of this article is to illustrate what ASP.NET developers should always do in order to keep the security bar reasonably high. That's what security is mostly about—keep the guard up, never feel entirely secure, and make it harder and harder for the bad guys to hack.

Let's see what ASP.NET has to offer to simplify the job.

Where the Threats Come From

In Table 1, I've summarized the most common types of Web attacks and flaws in the application that can make them succeed.

AttackMade possible by . . .
Cross-site scripting (XSS) Untrusted user input echoed to the page
SQL injection Concatenation of user input to form SQL commands
Session hijacking Session ID guessing and stolen session ID cookies
One-click Unaware HTTP posts sent via script
Hidden field tampering Unchecked (and trusted) hidden field stuffed with sensitive data

 

 

 

More at ....

 

Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks

http://msdn2.microsoft.com/en-us/library/ms972969.aspx

 

 

E-mail this post to someone or Comments (1)
Thu 28 Feb 2008

Gates v GM

For all of us who feel only the deepest love and affection for the way computers have enhanced our lives, read on.

At a recent computer expo (COMDEX), Bill Gates reportedly compared the computer industry with the auto industry and stated; "If GM had kept up with technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon."

In response to Bill's comments, General Motors issued a press release stating:

If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics:

1. For no reason whatsoever, your car would crash........ Twice a day.

2. Every time they repainted the lines in the road, you would have to buy a new car.

3. Occasionally your car would die on the freeway for no reason. You would have to pull to the side of the road, close all of the windows, shut off the car, restart it, and reopen the windows before you could continue. For some reason you would simply accept this.

4. Occasionally, executing a maneuver such as a left turn would cause your car to shut down and refuse to restart, in which case you would have to reinstall the engine.

5. Macintosh would make a car that was powered by the sun, was reliable, five times as fast and twice as easy to drive - but would run on only five percent of the roads.

6. The oil, water temperature, and alternator warning lights would all be replaced by a single "This Car Has Performed An Illegal Operation" warning light.

7. The airbag system would ask "Are you sure?" before deploying.

8. Occasionally, for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key and grabbed hold of the radio antenna.

9. Every time a new car was introduced car buyers would have to learn how to drive all over again because none of the controls would operate in the same manner as the old car.

10. You'd have to press the "Start" button to turn the engine off.


E-mail this post to someone or Comments (1)