7 posts categorized under “Security”

  • Add HTTPS To Any Site For Free

    Date Published: 06 March 2019

    Back in the old days, adding HTTPS/SSL/TLS to secure a web site was a big deal. You had to spend hundreds of dollars for a certificate, then install it on the web server. It had to be specific to the subdomain you were using, or you had to shell out even more bucks for the wildcard cert. And they’d expire sometimes, and your site would go down, and that was never fun. Times have changed. Yes, you…


  • OWASP Training with Juice Shop Sample Application

    Date Published: 24 October 2018

    If you’re a web developer looking to get better at security (which should be to say, if you’re a web developer), you should check out the OWASP Juice Shop application. It’s a purposely insecure web application that tracks your progress as you attempt to exploit it in various ways. As you do so, you unlock achievements and can track your progress. The various exploits range from the simple to the…


  • Test Secure Web APIs with Visual Studio Web Tests

    Date Published: 24 July 2018

    A common approach to securing APIs is through the use of bearer tokens, like JWT. If you’re using JWT, you may find this site useful to easily examine JWT token contents. A common scenario when working with APIs secured by bearer tokens is to have to do something like this: (1) Send credentials to token server to get a token (with some limited lifetime). (2) Use the token from step 1 in the header of…


  • Avoid Storing Database Credentials in Source Control

    Date Published: 19 October 2016

    Your application probably needs to communicate with a database of some kind. Naturally, that database isn’t open to the world – it needs to be protected and secured. The typical solution to this is to create a username and password combination (ideally, specific to each application or user that requires access) and configure the application with these credentials. In many cases, they’re simply…


  • ASP.NET Shared Authentication Problem Solved

    Date Published: 12 April 2016

    Last week I worked with a client to solve an issue they were having with a new ASP.NET 4.x application they had created using Visual Studio 2015. Their site is set up so that all of the authentication occurs through a shared, single-sign on, web site. Individual web projects are then hosted as subdomains which share the authentication cookie. It looks something like this: admin.foo.com (root…


  • ASP.NET Custom Errors Security Flaw

    Date Published: 18 September 2010

    Updated 5 October 2010: There is now a patch available via Windows Update. Read more about it here, and ensure all ASP.NET web servers have been patched ASAP. Microsoft just released some details on a security flaw that was publicized a few hours ago. In this post, you can learn more about the ASP.NET vulnerability and how to detect whether your web sites might be affected by it. This is a…


  • Assembly Hijacking Video

    Date Published: 11 May 2006

    RockyH has a great little video walkthrough called Assembly Hijacking showing how a bad guy can use a combination of SQL Injection and lack of strong named assemblies to do bad things to an e-commerce website. Definitely worth watching and remembering.

