My bug reporting has been on fire lately. This week I received confirmation from the Google security team that a security bug I reported was found worthy of a reward (a couple of weeks ago Google fixed some issues in their two-step verification procedure). I'll be blogging the details on the security issue anytime soon.
Just now, my hotmail told me that the Visual Studio 2010 firewall setup bug I blogged about last month will be fixed in the next major release of Visual Studio. Cool!
Now, if I could only find and fix my own damn bugs. :)
Software security blog by André N. Klingsheim, who's learning to love .NET and Microsoft servers.
Disclaimer
Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).
Sep 16, 2011
Sep 12, 2011
Announcing TransformTool
I've spent some of my spare time on a hobby project lately. I've been missing a tool that could help me easily encode or decode various pieces of information. When you're studying web applications you often come across values in cookies, URL parameters or forms that are encoded in one way or another. They might even be encoded multiple times with the same encoding function. It has been somewhat cumbersome to fiddle about with such pieces of information, that is until now!
I've created TransformTool, that lets you easily apply a series of encoding/decoding operations to an input. Just have a look at this example:
I've created TransformTool, that lets you easily apply a series of encoding/decoding operations to an input. Just have a look at this example:
Labels:
.NET,
Ninja tricks,
TransformTool
Sep 4, 2011
WIF security considerations
I've been working with WIF (Windows Identity Foundation) for the last couple of months, and have to admit I've spent some time googling for WIF articles explaining how the framework should be used. I'll be putting together a blog post on some of the most useful resources I've found when I find the time. However, you'll discover that there aren't many resources covering WIF and the nitty gritty security details out there. An MSDN article on WIF security was brought to my attention the other day (thanks Jonas!), so I figured I'd link to it sooner rather than later. It might be useful for some of you out there.
The article is titled Security considerations, and it's not easy to find on Google. It contains quite a few security considerations you'd want to look into if you're using, or are contemplating, to use WIF. Stay tuned for more WIF (security) stuff as my calendar hopefully frees up at work, and the golf season ends here in Norway.
The article is titled Security considerations, and it's not easy to find on Google. It contains quite a few security considerations you'd want to look into if you're using, or are contemplating, to use WIF. Stay tuned for more WIF (security) stuff as my calendar hopefully frees up at work, and the golf season ends here in Norway.
Labels:
WIF
Subscribe to:
Posts (Atom)
Copyright notice
© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.
Read other popular posts
-
Microsoft's widely used e-mail service Hotmail was recently overhauled and rebranded Outlook.com. One of the less known services they pr...
-
Security headers in an HTTP response There are many things to consider when securing a web application but a definite "quick win&qu...
-
The release of Firesheep a week ago brought a lot of attention to a problem that has been known for many, many years: cookies sent over both...
-
OWASP recently released their Top Ten 2013 list of web application vulnerabilities. If you compare the list to the 2010 version you’ll see t...
-
I guess it was long overdue for me to follow up on my Hardening Windows Server 2003 SSL/TLS configuration and Windows server 2003 vs 20...
-
Just a quick note on an error I often run into when I'm working on my Azure applications. I usually create Azure packages and upload the...
-
Though Windows Server 2003 has been around for a while, we'll still see them around the Internet for many years to come. Despite their u...
-
A couple of weeks ago I was remotely involved in a discussion on password hashing in .NET with @thorsheim , @skradel , and @troyhunt . (Foll...
-
I just ran into a weird problem while creating a bootable USB-stick, it was impossible to do a full copy of the files from an .iso. I tried...
-
The .NET 4.5 framework was released a couple of months ago and it included several improvements in the security area. To benefit from these ...