When we talk about security vulnerabilities in software it’s worth thinking about computer programmes on a fundamental level. At the simplest level a computer programme is something which takes in an input, usually from the user in the form of text, processes that input, which changes the state of the machine, and then gives an output or result to the user. A bug is when certain inputs aren’t processed correctly and the wrong output is given; for example, if 1 plus 1 results in 3. A security bug, however, is when a certain input is processed in such a way that it compromises the security of information managed by a programme, and may even output that information. We often see this in practice in web applications. Continue reading “SQL Injection for beginners”
Adding two-factor authentication (2FA) to your web application increases the security of your users’ data. Multi-factor authentication establishes the identity of a user in two steps:
- First we validate the user with an email and password
- Second we validate the user using his or her mobile device, by sending a one-time verification code
Once our user enters the verification code, we know they have received the SMS and are indeed who they say they are. This is a standard SMS implementation. Continue reading “Set up SMS for Two-factor authentication with Twilio”
A common threat web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.
This login page doesn’t have any protection against password-guessing attacks (brute-force attacks). It’s recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem.
CVSS Base Score: 5.0
– Access Vector: Network
– Access Complexity: Low
– Authentication: None
– Confidentiality Impact: Partial
– Integrity Impact: None
– Availability Impact: None
Affected item: /Admin/Login.aspx
Blocking Brute-Force Attacks
A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. Continue reading “Login page password-guessing attack (Accunetix)”
Managing configuration data has always been troublesome. Although Microsoft has provided, and periodically updated and upgraded, a number of options over time, it remains a challenge most of the time. Things get more critical when the configuration data in question is confidential, such as connection strings, SMTP passwords and API keys, because at some point they do get checked into source code or shared with other developers. In one of my previous projects I faced a similar issue when the private key and the code signing certificate were accidentally checked in by a developer. The customer had to revoke the certificate, which invalidated all the production builds that had been deployed to end users as well. Continue reading “Using the configuration Builder in ASP.NET 5”
With the introduction of OWIN and self-hosting, Microsoft has really opened a lot of doors for developers and application users. This post shows how to host an OWIN application in a Windows Service. We will also configure SSL for the site.
Creating a Windows Services Project
This is pretty straightforward. In Visual Studio, create a new project and select Windows Service as the project type. This will add a project with a default service named “Service1”. Rename it to whatever name you expect. Continue reading “How to make your first WebAPI2 Project”
SELECT Object_name(object_id) AS [Procedure Name],
       Object_definition(object_id) AS [Definition]
FROM sys.procedures
WHERE Object_definition(object_id) LIKE '%cursor%'
ORDER BY [Procedure Name]
According to the Federal Trade Commission, identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft. The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make or until you’re contacted by a debt collector.
Identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record. Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.
Continue reading “What is Identity Theft?”