Developers, Security, Business – Lets All Work Together

Posted by on January 10, 2013 · Comments Off on Developers, Security, Business – Lets All Work Together
Filed under: Development, Security 

A few years ago, my neighbors ran into an issue with each other. Unfortunately for one neighbor, the other neighbor was on the board for the HOA. The first neighbor decided to put up a fence, got the proper approvals and started work on it. They were building the fence them selves ...

ASP.Net and CSRF

Posted by on January 7, 2013 · Comments Off on ASP.Net and CSRF
Filed under: Development, Security 

Cross-site request forgery (CSRF) is a very common vulnerability today.  Like most frameworks, ASP.Net is not immune by default.  There are some features that are built-in that can be enabled to help reduce the surface area of this attack, however we need to be aware of how they work and what situations they may not ...

SQL Injection in 2013: Lets Work Together to Remediate

Posted by on January 4, 2013 · Comments Off on SQL Injection in 2013: Lets Work Together to Remediate
Filed under: Development, Security 

We just started 2013 and SQL Injection has been a vulnerability plaguing us for over 10 years.  It is time to take action.  Not that we haven’t been taking action, but it is still prevalent in web applications.  We need to set attainable goals.  Does it seem attainable that we say we will eradicate all ...

Authorization: Bad Implementation

Posted by on January 3, 2013 · Comments Off on Authorization: Bad Implementation
Filed under: Development, Security, Testing 

A few years ago, I joined a development team and got a chance to poke around a little bit for security issues.  For a team that didn't think much about security, it didn't take long to identify some serious vulnerabilities.  One of those issues that I saw related to authorization for privileged areas of the ...