Personally, I try and write secure ASP.NET code. However, I have become quite paranoid about the code I write, as I used to work for a Registrar (high fraud targets). Are there any ASP.NET functions I should look at with extreme scrutiny (other than SQL access - I know enough not to do dynamic SQL).
...
Other than RATS, are there any other Perl security scanners?
Possibly also any STATIC only perl code graph engine which has an ability to follow data-flow or otherwise tainted input?
...
Is there a way to set up a function that will get the user name of the user's LAN sign on, to use for the =(getusername) within Access? Is there some general vb that will work for this idea?
thanks!
...
Open source javascript algorithm to feedback user on the quality of the password he is choosing.
...
I would be grateful for any suggestions on how to add license key enforcement or concurrent user limit enforcement to a (UNIX-based) software product that - while not explicitly open-source - the end-user nominally has source code to, or could, conceivably, obtain with relative ease because the servers running it are located on their pre...
This will be my first ASP.NET MVC application with forms authentication so I am trying to make sure I don't miss anything. The scenario is this: Public / Secured Areas.
Within the private area it is even further limited to specific areas / user. These 'Areas' are defined by customizations to the base area that is customized per user gro...
My site got harmed by this site "spywarepc.info". I don't even know what this is. My site has been blocked by Google. Please help me out with this. Is it malware? If so, how will I recover it?
...
I'm trying to block all non-localhost attempts to access a Webrick process. This is my current code
def do_GET(req, res)
  host_name = "localhost:3344".split(":")[0]
  if host_name != "localhost" && host_name != "127.0.0.1"
    puts "Security alert, accessing through #{host_name}"
    return
  else
    puts "we're fine, #{...
What are some of the best Sites for Computer Security basics.
SSL, HTTPS, PKI, Authentication/Authorization, TLS, SAML, Vulnerabilities etc etc
...
Hi,
I was wondering if there is any way to make a copy of an existing web.config file(rename the newly created file) with the nant build.
...
Are there any alternatives to LogonUser for impersonating a given account in order to access network resources? I'm looking for a method of impersonation which would let me connect to machines in foreign domains (or workgroup machines, for that matter).
For initial data I have: machine name, username (or domain\username), cleart...
I'm getting a 401 (access denied) calling a method on an internal web service. I'm calling it from an ASP.NET page on our company intranet. I've checked all the configuration and it should be using integrated security with an account that has access to that service, but I'm trying to figure out how to confirm which account it's connectin...
Heroku seems great, but most non-trivial applications require authentication, and conventional authentication schemes require an SSL connection, and it's impossible to get https://your_app_name.com (you can only get https://your_app_name.heroku.com).
So if you're using Heroku, is it that:
You don't mind directing users to another doma...
I want to run a report to make sure the password of every user is set to expire every 30 days, but the expiration interval doesn't seem to be stored in syslogins?
...
I am looking at the Moneris Payment Processing and their Direct Post method. For the life of me, I can't figure out how the security on it works.
As best as I can tell it does this:
Web User comes to my site. They fill out their credit card information (https).
I show them a summary in a form. When they hit submit they go to Moneri...
I want to create a newsletter app and users will naturally have to confirm that they signed up for the newsletter so we don't spam them if some bot entered addresses.
My idea was to simply send the user an email that contains a link that has a secret in the url, which is a hash of the email address and some secret sitekey.
My questions...
I have gone through the OWASP top ten vulnerabilities and found that Cross-Site Scripting is the one we have to take note of. There were a few recommended solutions. One stated: do not use "blacklist" validation to detect XSS in input or to encode output. Searching for and replacing just a few characters ("<" ">" and other similar c...
Hello everyone,
I am confused about this property, as mentioned here, http://msdn.microsoft.com/en-us/library/system.security.permissions.securityattribute.unrestricted.aspx we could give it full or non-full.
My confusion is that, for a permission, in a straightforward understanding there should be only two statuses -- granted and not-granted, w...
The lack of reflection in Medium Trust hosting environments seems to cause a lot of problems for many popular web applications.
Why is ReflectionPermission disabled by default with Medium Trust?
What risk does reflection pose in a shared hosting environment?
For random reference, see MSDN: How to use Medium Trust in ASP.NET 2.0
...
I'm getting this error when accessing a WCF service that accesses a .mdb file on disk. It's apparently not a permissions error. Do any of you have familiarity with this error and what might be the cause?
...