application-security

Storing Username/Password During Processing

Working inside the context of an ASP.NET application, I am creating a page that will be able to execute database scripts against one of many databases in our environment. To do this we need to prompt the user for a username/password combination; this value can be used for all servers without issue. The question is where is the most secu...

Using Secure String and Keeping it Secure

So the .NET framework provides the SecureString class for storing strings in a secure fashion. But to read the information and work with it you have to return it to a standard string. See this implementation example. As you can see from the example, using the pointer we return an unencrypted string. How do we now manage that "insec...

Web application security testing

Hi all, We are developing a web application using Spring framework and Hibernate ORM. As far as application security is concerned, we are using Acegi to provide authentication and authorization support. Now about user input sanitation, we have tried to take care about attacks like XSS and SQL injections. We have tried to use as muc...

Alternatives to dotfuscator suite?

I've been looking for solutions that provide a couple of types of protection and dotfuscator has been what I've landed on each time I look. Specifically, I like: code obfuscation, their usage analytics, tamper detection/notification, shelf-life enforcement. Now, I know that there's lots of alternatives to the first, some of which are fre...