security

How to test "UDP header incorrect length" on your own?

Hi, I know UDP header incorrect length is usually part of security testing, as this one could crash the target machine. However, how do you do that on your own? ...

System.Web.HttpException: Could not load type 'CSW.Web.Security.NDMSMemberProvider'.

OK, here is what I have: I forgot to mention that I am using LINQ to SQL. In one project I have my DBML files like this: NDBS.DBML, NDBS.Designer.vb, NDBS.vb. The latter looks like this: Namespace CSW.Models.NDMS Partial Class NDMSDataContext End Class End Namespace. In my security folder I have Imports CSW.Models.NDMS Imports l...

Using authlogic_api for Rails REST API access

I am writing a Rails back-end API for a Steam game that is only accessed via REST calls, so no user-specific authentication is required. I am trying to implement the authlogic_api plug-in for the Authlogic gem, which uses an api_key/signature mechanism to restrict access. I have implemented the ApplicationSession and ApplicationAccount m...

Servlet filters for abuse prevention? (DoS, spam, etc.)

I'm looking for a servlet filter library that helps me secure our web service against unauthorized usage and DDoS. We have "authorized clients" for our web service, so ideally the filter would help detect clients that aren't authorized or behave improperly, or detect multiple people using the same account. Also we need a way to prevent ...

What's the point of the Anti-Cross-Domain policy?

Why did the creators of the HTML DOM and/or JavaScript decide to disallow cross-domain requests? I can see some very small security benefits of disallowing it, but in the long run it seems to be an attempt at making JavaScript injection attacks have less power. That is all moot anyway with JSONP; it just means that the JavaScript code is...

100% safe photo upload script

The question is simple. How can I make a 100% safe photo upload script with PHP? Are there any tutorials which show all possible safety gaps? Do not offer me to look at this question http://stackoverflow.com/questions/786507/uploading-photos-how-can-i-keep-our-website-safe-stable, because there they talk only about size. But I want to be sur...

Unicode mirror character?

‮?retcarahc "rorrim" edocinu eht htiw detaicossa ytilibarenluv fo tros emos ereht sI?ksir yna ereht erA ?rof ti si tahW ...

Exploitable PHP functions

I'm trying to build a list of functions that can be used for arbitrary code execution. The purpose isn't to list functions that should be blacklisted or otherwise disallowed. Rather, I'd like to have a grep-able list of red-flag keywords handy when searching a compromised server for back-doors. The idea is that if you want to build a mu...

Best approach to authenticate the client certificate

Hi, I have hosted a secure WCF service on the cloud with a certificate created by makecert. Now I want to restrict access to the service by allowing only those clients who have the certificate generated by me. What is the best approach to implement this?
* Shall I go with the changes in the configuration file
* Or shall I write the c...

Penetration Testing vs Other Security Testing

Hi, I do not know the difference between penetration testing and other forms of security testing. Could anyone experienced in that area tell me the differences? I would really appreciate it. On a side note, is there any testing that simulates DoS? I do not know how to defend against it. ...

Is wsHttpBinding for WCF supported on Azure?

Hi, I want to host a secure WCF service on Azure using the wsHttpBinding binding. On the blogs and in various posts it is mentioned that wsHttpBinding is not supported on the cloud. Is it true? Can't I use wsHttpBinding with a WCF service to host it on Azure? ...

Accessing a named pipe endpoint in a Windows service from IE using a COM-enabled .NET client DLL

I have a WCF service hosted in a Windows service. This WCF service is only going to be used on the local machine, so I have chosen named pipes for the endpoint. However, when I try to connect to the WCF service from the client instantiated by JavaScript in IE, the endpoint is not found. However, if I stop the Windows service and run the executable (it...

What is the difference between a self-signed certificate and a certificate generated by a certification authority

Hi, I want to know the difference between a self-signed certificate and a certificate generated by a certification authority. I can easily create a self-signed certificate for the domain xyz.com, so what is the difference between this certificate and the one generated by a CA? Scenario: Suppose a site xyz.com is secured with a certificate issued to xyz.com a...

How to copy NTFS permissions

Hello, I found a method for copying NTFS permission information from one existing folder to a newly created one. I'm not sure if it's doing the work it should do. Maybe someone can have a look at the method and give some comments: private static void CopySecurityInformation(String source, String dest) { FileSecurity fileSecurity = Fi...

What characters or character combinations are invalid when ValidateRequest is set to true?

I've tried looking at the Microsoft site and Googling this but nobody seems to have an answer aside from the < and the >. There's more to it than that though. I've noticed that the HTML entity starter of &# is invalid. Is there anything else? Does anyone have a complete list? Thanks! ...

How should I store FTP logon credentials in a MySQL database?

Hey guys, I'm really just looking for some guidance. Here is the scenario: a user can add an FTP account via a password-protected control panel. I need to save these credentials so that the FTP account can be connected to automatically. This is easy, but I want to take the most secure approach possible. I was thinking of possibly encryp...

How to secure sendmail on CentOS for sending mail only from a web app

We are using sendmail to send mail from our web app, and we do not need to receive emails. Only our machine should be able to send emails through the sendmail server. What's the best way to make sure sendmail is running securely on our server? Again, we only need to be able to send mail using PHP's mail() function, nothing more. ...

How should passwords be securely stored for web hosting?

Possible Duplicate: Encrypting/Hashing plain text passwords in database. Recently, I discovered that major web hosting companies store their users' passwords in plaintext and even ask for the last 4 digits of the user's password when trying to verify their identity. This seems vitally wrong and full of security problems. I belie...

PHP script: malicious JavaScript code at the end

The problem: on my webspace there are PHP files which all end with this: <?php include 'footer.php'; ?> Before this line, there is also HTML code in the files. The output in the browser ends with this, of course: </body> </html> But yesterday, there was suddenly some malicious code at the end. The output of my index.php was: </...

Grant WPF application access to local drive?

Hello, I'm writing an application in C# (it's very basic, for a friend of mine), but I have a StreamWriter object that creates a local file in C:. I have to do Run as Administrator, and then it works fine, but otherwise it crashes with "Access to the path 'C:\final.html' is denied." I've never worked with any sort of security or permissions...