What is the difference between encryption and hashing?
Filed under: Development, Security
Encryption is a reversible process, whereas hashing is one-way only. Data that has been encrypted can be decrypted back to the original value. Data that has been hashed cannot be transformed back to its original value. Encryption is used to protect sensitive information like Social Security Numbers, credit card numbers ...
XmlSecureResolver: XXE in .Net
Filed under: Development, Security, Testing
tl;dr Microsoft .Net 4.5.2 and above protect against XXE by default. It is possible to become vulnerable by explicitly setting an XmlUrlResolver on an XmlDocument. A secure alternative is to use the XmlSecureResolver object which can limit allowed domains. XmlSecureResolver appeared to work correctly in .Net 4.X, but did not appear to work ...
Input Validation for Security
Filed under: Development, Security
Validating input is an important step for reducing risk to our applications. It might not eliminate the risk, and for that reason we should consider what exactly we are doing with input validation. Should you be looking for every attack possible? Should you create a list of every known malicious payload?...