
Web Information Security

Web Information Security practices authentication web password hacking session etc

Articles

Securing Session Cookies or IDs during transmission
2006-12-29 20:39:01
Following are some of the security practices for secure transmission of session cookies between web server and client. If it's a commercial website, then install SSL for secure communication. Generate unpredictable random characters for the sessionID value. Avoid incremental or time-based session cookie values. Issue or generate the session cookie only after successful authentication. Never generate cookies as persistent cookies on the user's hard disk. Technorati Tags: Session Management
Security Features in ASP.NET - Authentication and Authorizat
2006-12-29 20:39:01
This is a very good article by Cynthia Carolina explaining the security features of ASP.NET applications. The article illustrates the security workflow differences between classic ASP 3.0 and ASP.NET, and describes fundamental security operations in ASP.NET. Introduction Security is one of the primary concerns for both developers and application architects. As there are many different types of websites with varying security needs, developers need to know how security works and choose the appropriate security model for each application. Some websites collect no information from their users and publish information that is widely available, such as a search engine. Meanwhile, there are other sites that may need to collect sensitive information from their users (e.g. credit card numbers and other personal information). These websites need a much stronger security implementation to avoid malicious attacks from external entities. Technorati Tags: Authentication Au...
IPv6 and Security
2006-12-29 20:39:01
IPv6 and Security, (Wed, Dec 6th) - Check out this article about IPv6 and its security implications at the IPv6 conference. The main reason for changing to IPv6 is the increase in the number of available addresses. IPv4 addresses, according to the presentations, will run out in the next 6 years or so. "Some security issues will be worse, some better and most of them the same", filling me with hope that I'll still be employed in the IPv6 world. Technorati Tags: Configuration IIS Operating System Windows
Tip/Trick: Guard Against SQL Injection Attacks
2006-12-29 20:39:01
By ScottGus Blog SQL Injection attacks are really nasty security vulnerabilities, and something all web developers (regardless of platform, technology or data layer) need to make sure they understand and protect themselves against. Unfortunately developers too often neglect putting focused time on this - and leave their applications (and worse their customers) extremely vulnerable. Michael Sutton recently published a very sobering post about just how widespread this issue is on the public web. He built a C# client application that uses the Google Search API to look for sites vulnerable to SQL Injection Attacks. The steps to achieve this were simple: Technorati Tags: Input Validation SQL Injection ASP or ASP.NET MS SQL Server
Top 10 Ajax Security Holes and Driving Factors
2006-12-29 20:39:01
by Shreeraj Shah - net square One of the central ingredients of Web 2.0 applications is Ajax encompassed by JavaScripts. This phase of evolution has transformed the Web into a superplatform. Not surprisingly, this transformation has also given rise to a new breed of worms and viruses such as Yamanner, Samy and Spaceflash. Portals like Google, NetFlix, Yahoo and MySpace have witnessed new vulnerabilities in the last few months. These vulnerabilities can be leveraged by attackers to perform Phishing, Cross-site Scripting (XSS) and Cross-Site Request Forgery (XSRF) exploitation. There is no inherent security weakness in Ajax but adaptation of this technology vector has changed the Web application development approach and methodology significantly. Data and object serialization was very difficult in the old days when DCOM and CORBA formed the core middleware tier. Ajax can consume XML, HTML, JS Array, JSON, JS Objects and other customized objects using simple GET, POST or SOAP calls;...
Passwords - Common Attacks and Possible Solutions
2006-12-29 20:39:01
By Dancho Danchev for Help Net Security Overview Making sure authorized users have access to either sensitive company information or their personal e-mail can be a daunting task, given the fact that an average user has to remember at least 4/5 passwords, a couple of which have to be changed on a monthly basis. The majority of users are frustrated when choosing or remembering a password, and are highly unaware of the consequences of their actions while handling accounting data. Technorati Tags: Authentication Authorization
Protecting against SQL Injection attacks
2006-12-29 20:39:01
Following are some of the recommendations to protect the application against SQL injection attacks. Sanitization Input: Protecting SQL queries by implementing sanitization techniques for all input received from any ASP.NET request object. Check all the input sources such as Request.Cookies, Form Variables, Query String parameters, Request.ServerVariables etc. Sanitization routines will vary based on your DBMS. Technorati Tags: Input Validation SQL Injection ASP or ASP.NET Database MS SQL Server
Microsoft Anti-Cross Site Scripting Library
2006-12-29 20:39:01
While looking for some information on prevention of Cross-site scripting (XSS) attacks, I found a scripting library that developers may wish to use to encode output: the Microsoft Anti-Cross Site Scripting Library. This library differs from most encoding libraries in that it uses the "principle of inclusions" technique to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and then encoding anything outside this set (invalid characters or potential attacks). The principle of inclusions approach provides a high degree of protection against XSS attacks and is suitable for Web applications with high security requirements. Technorati Tags: Cross-Site Scripting (XSS) Input Validation AJAX ASP or ASP.NET C-Sharp (C#) Javascript VB or VB.NET Windows
© Blog Toplist 2009 - Supported by Web Catalog - SEO by FeWorks