Tagged Content List
  • Blog Post: Vulnerabilities in Web Applications due to improper use of Crypto – Part 3

    Almost all thick client applications need to update themselves. This is the only way to distribute newer functionality and bug fixes. The updated executables are usually downloaded on the client from the company’s servers. In the past, there have been cases where this “updater” functionality has been...
  • Blog Post: Vulnerabilities in Web Applications due to improper use of Crypto – Part 2

    Continuing with my last post on vulnerabilities in web applications due to improper use of crypto, let's look at what might happen if you reuse an internal method for encrypting data. Consider a web application that needs to encrypt an application cookie. The developer uses the CookieProtectionHelper...
  • Blog Post: Vulnerabilities in Web Applications due to improper use of Crypto – Part 1

    Cryptography is used often in web applications. Web sites that use cookie-based authentication encrypt and sign the authentication cookie. Query strings are sometimes encrypted to prevent manipulation and also to pass sensitive data from one page to another. Form fields may be encrypted and signed to...
  • Blog Post: Notes from the field - Crypto API for an enterprise customer

    The Engagement: Hi, I am Richard Lewis and I am back from executing a CryptoApi project for an enterprise customer. The client had this requirement of having to encrypt data between two machines. Sounds meager? Now consider this - The encrypting box was a low-end machine with limited resources and...