security

Checklist of steps to secure an ASP.NET web application?

I would like to secure an ASP.NET web application against hacking. Is there a list of ASP.NET-specific tasks, specifically coding-wise, to make an ASP.NET application more secure? Beyond what is mentioned on MSDN. I am interested in specific steps with code examples on ways to avoid cross-site request forgeries & cross-site scripting. I know about u...

Security roles members in MS CRM 4.0

Is there a way to see users that have a certain security role assigned? I'm looking for a hint that I missed something, or a tool. ...

Silverlight Identity over WCF Custom Binding

We are trying to establish the identity of the user using a Silverlight client over a WCF service using custom binding. We have tried numerous configurations etc. with no luck. On the WCF service we have looked at the operation context and HTTP context, but the identity does not seem to be passed through. ...

Filter incoming requests to Apache

Hi and thank you for wanting to help :) I have root access to an Apache server running under CentOS 5. The root site is password protected and some areas of the site (documents etc) can only be accessed by some users. The user id is stored in a session. In the perfect world I would want to activate a Python script (on the server outsid...

Secret computing: does such an animal exist?

A question in theory of Computer Science. Today I can secretly store files in the cloud (say, Amazon S3) by having them encrypted before I store them and decrypting them after I download. The storage provider cannot obtain any information from the stored files - everything is encrypted safely, and even a symmetrical cipher will be OK here. ...

Client Login - how to store credentials securely on client side?

As many APIs provide access remotely to their data through the user/password combination, I was wondering which was the best way to store those values, in a highly secure way (even if 100% is impossible), in order to connect them directly without asking every time for those. ...

Convert certificate .pem to .der/.cer

Hi, I'm trying to convert .pem to .cer using OpenSSL... openssl x509 -inform PEM -in root.pem -outform DER -out root.cer But I don't know how to install the certificate on IIS 7.0 on Windows Server 2008. I read some tutorials about it and tried to install the cert in IIS 7.0 Server Certificates -> complete certificate request -> T...

Getting an error while adding a DLL reference in a C# .NET Windows application, why?

I have downloaded the code from the CodeProject web site, but while running it I get a reference error for the DLL in the reference folder. The DLL file is located in my bin/debug/ folder; still it is not found. When I add this file from the Add Reference tab, it gives the error that this is not a valid COM component. Please help with this, thanks...

Access a cross-domain iframe's history.length or get its text in a variable on the parent document

I have a feedback pop-up (TickBox) that loads a cross-domain iFrame, and when submitting the form it loads the "thanks for...." page. I want that when the user submits the feedback button, it should hide the iFrame wrapper. I know that because of the "same origin policy" security limitations you can't get the actual location of the iFrame wh...

Customer Support via Web Service - how to secure the Web Service?

My customers can ask questions directly in my (Windows Forms) app. The app talks to a web service which stores the messages in a DB on my server. Problem: a competitor decides to spam my web service. What can I do to prevent this, and is there a cryptographically safe way of doing this? The things I came up with until now are: Hide the...

How to MySQL Injection this!

Hello everyone, and thanks for looking at my question. I'd like to note first that this is an educational attempt on my own database to better understand MySQL injections, to protect my own code. I need to work out a couple of examples of how a MySQL injection can be constructed against the following code. It's a basic user login system whe...

String encryption in a .NET assembly

Possible Duplicate: Free obfuscation tools for .NET. Are there any free tools similar to Dotfuscator? I want to encrypt or obfuscate certain strings inside my .NET assembly. ...

Is it a bad idea to send the hash of a password instead of the unhashed password?

For example, if the user has JavaScript enabled, we hash his password and send the hash. If not, we send the password unhashed and a flag to mark that it is unhashed. We then build the hash (if it's unhashed) and compare it to the stored hash. This seems to be secure and simple. Why isn't it a popular way to send a password? Did I ...

Get Windows Authentication Token Using JavaScript to have Integrated Security (NOT using IIS)

I want to authenticate users on a web application. The users are already logged into their Windows network. Notice, this is NOT Internet Information Server. I have a Java application server on the other side. Is there a way, using JavaScript or something, so that a Windows authentication can be taken, then sent to the server, and on the s...

How do I limit the size of a Net::HTTP request?

I'm creating an API service which allows people to provide the URL of an image to the API call, and the service downloads the image to process. How do I ensure somebody does NOT give me the URL of, like, a 5MB image? Is there a way to limit the request? This is what I have so far, which basically grabs everything. req = Net::HTTP...

I would like to create a pin-code dialogue, like the one you can switch on to dial on the iPhone.

I am new to coding and would like to set this up in my app. How or where do you start this process... In your AppDelegate file? Please provide me a jump start. I'm invoking this process from the UIButtonTypeInfoDark on the NavigationBar/TabBar Controller from the MainWindow. I am basically trying to set up a 4-digit PIN to protect the user...

How secure is using an encrypted appSettings element in your app.config?

In a CodingHorror blog post a commenter made the observation that it is more difficult to obscure sensitive configuration information (e.g. SQL Server connection strings) in a program than it used to be, because the obscuring algorithm can be disassembled quite easily with Reflector. Another commenter suggested that encrypted appSetti...

WCF Security for Web, Windows and mobile clients

I am building an application that will have web, Windows and mobile (iPhone) clients. I want to use WCF to implement the service layer, and not being familiar with WCF I am a little confused when it comes to security, authentication and authorization. What I would typically like is to re-use as much of the ASP.NET membership components ...

Setting up Environment for Buffer Overflow Learning

I am currently reading several security books (my passion) regarding secure programming; however, either the distros they provide on disc are faulty, or non-existent. Books: Hacking: The Art of Exploitation, 2nd Ed.; Gray Hat Hacking, 2nd Ed. The issue is that when I try to follow the examples, obviously newer distros have stack protection and othe...

HTTP and HTTPS Protocols

Hi, my question is related to the hypertext protocol. What are the requirements from my side to be able to use HTTPS instead of HTTP in the areas where a user will enter confidential information, or when there is a registration process? Thank you. ...