• Blogroll

  • DevelopSec

• Archives

  • March 2024
  • December 2023
  • January 2023
  • August 2022
  • February 2020
  • October 2019
  • May 2019
  • June 2018
  • November 2017
  • June 2017
  • February 2017
  • October 2016
  • September 2016
  • May 2016
  • February 2016
  • January 2016
  • November 2015
  • October 2015
  • September 2015
  • April 2015
  • October 2014
  • August 2014
  • December 2013
  • November 2013
  • October 2013
  • July 2013
  • May 2013
  • April 2013
  • March 2013
  • January 2013
  • December 2012
  • September 2012
  • August 2012
  • July 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • September 2011
  • July 2011
  • June 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • November 2010
  • October 2010
  • September 2010
  • July 2010
  • May 2010
  • April 2010
  • February 2010
  • January 2010
  • December 2009
  • October 2009
  • August 2009
  • April 2009
  • March 2009
  • January 2008
  • December 2007
  • October 2007

Securing If Statements

While recently reviewing the details of the GSSP-.NET certification, I came across the topic of “securely formed if and while statements.”  At first, I was a little confused about what this really meant.  I believe that a securely formed ‘if’ statement would be one that has the constant on the left, rather than the right.  ...

HTMLAttributeEncode Framework differences

I have done a few posts regarding Cross Site Scripting and how to protect against it.  I came across an interesting item today comparing the output of HTMLAttributeEncode between .Net 1.1 and 2.0+.  I thought it would be a good idea to dig a little deeper into how the encoding really works.  The .Net 1.1 ...

Microsoft Introduces Quick Security References

Yesterday, Microsoft released two new Quick Security References (QSR’s) to help application development teams understand Security issues.  These new guides are the first part of a continuing series to help multiple roles within the team understand common vulnerabilities.  Not only do they provide great detail on the security issues, but they also help teams move ...

Creating the Reply With Meeting OL2007 Add-In (Part 1)

Note: This is the first part, in a multi-part series to create this add-in.  I chose to break this up into multiple parts so some parts (like this one) could be used by anyone creating an add-in.  This post will only create the add-in shell and will not show how to reply with a meeting.  ...

Protecting against Cross Site Scripting

One of the most important defenses against cross site scripting is encoding the output.  The .Net framework provides built in routines for you.  These methods, HTMLEncode and HTMLAttributeEncode, can be found in the HTTPUtility class.  It is very easy to implement these methods and they should be used on all output that is un-trusted (ie, ...

CAT.NET Microsoft’s Code Analysis Tool

Microsoft has introduced a new  code analysis tool called CAT.NET to help analyze source code for security flaws within managed applications.  This is a visual studio add-in that works directly within Visual Studio, so there is no need for separate programs.  The tool will trace through all statements, methods, and assemblies referenced within the application.  ...

• Follow Us

  

  

  

  
  
  
  

• Recent Posts

  • Securing the Forms Authentication Cookie with Secure Flag
  • Does ASP:Textbox TextMode Securely Enforce Input Validation?
  • Disabling SpellCheck on Sensitive Fields
  • What is the difference between encryption and hashing?
  • XmlSecureResolver: XXE in .Net