The Connected Information Security Group
How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect
Posted over 5 years ago by cisg, 5 comments
RV again... Last time we saw how to fix a cross site scripting (XSS) vulnerability. This time we look at how we can detect cross site scripting vulnerabilities using automated tools. Being the most common vulnerability found in web applications, it is...
Which ASP.NET Controls Need HTML Encoding?
Posted over 5 years ago by cisg, 4 comments
RV here... Last time we saw some real world XSS examples. This time we will look at which common ASP.NET controls require encoding. Some controls in ASP.NET automatically encode certain properties when rendered; not all the controls do the same....
Real World XSS Vulnerabilities in ASP.NET Code
Posted over 5 years ago by cisg, 6 comments
RV here again... For a couple of weeks we have been seeing some XSS vulnerabilities in ASP.NET code. Today I wanted to show you guys some real world examples ranging from property assignments, data binding and JavaScript building. For each example, I will...
Performance Analysis Reveals Char[] Array is Better than StringBuilder
Posted over 5 years ago by cisg, 5 comments
Anil Chintala here... I told you in my previous blog about the AntiXSS Output Encoding methodology and why I think it is better than the .NET framework's encoding methods in preventing XSS vulnerabilities. Although AntiXSS is superior in restricting XSS vulnerabilities...
SQL Injection - Are Stored Procedures Really Safe?
Posted over 5 years ago by cisg, 3 comments
Vineet Batta here.... SQL Injection explained: a SQL injection attack is a way to manipulate the SQL statement (insert malicious code) from applications to query or execute commands against the database. This can allow an attacker to not only steal data...
Trip Report: Day Two of Gartner BPM Conference
Posted over 5 years ago by cisg, 2 comments
Hi Marius here again with highlights from day 2 of the Gartner BPM conference. Back of the Napkin: You may have heard of the book called The Back of the Napkin: Solving Problems and Selling Ideas with Pictures. It’s one of the latest books creating...
Client-Side Scripting Languages Support in AntiXSS
Posted over 5 years ago by cisg, 0 comments
Anil Chintala here... Recently I was asked a question about client-side scripting language support in the AntiXSS library. Q: Does the AntiXSS library support the client-side JavaScript language? Yes, AntiXSS does provide support for client side scripting languages...
Trip Report: Day One of Gartner BPM Conference
Posted over 5 years ago by cisg, 1 comment
Marius Grigoriu here.... I am a program manager with CISG and, in keeping with good program management, it's straight down to business. Today was the first official day of the Gartner BPM Conference in Washington DC and I am posting daily trip reports. In...
Obfuscation Explained...
Posted over 5 years ago by cisg, 3 comments
Hi Vineet Batta here.... Background: Programs written for .NET are relatively easy to reverse engineer. You can use free tools like Lutz Roeder's .NET Reflector to load .NET assemblies and view all the code (IL) contained within them. This is not in any...
Checklists and Mnemonics
Posted over 5 years ago by cisg, 1 comment
Dennis Groves here.... The most common list is the to-do list, and it is the one we are all most familiar with, and so the real value of a checklist is often very misunderstood. Aviation and medicine make heavy use of them. Computer programs are basically...
Trip Report: Day Three of Gartner BPM Conference
Posted over 5 years ago by cisg, 1 comment
Marius here again..... Highlights: On average, 80% of the IT budget goes toward maintenance and only 20% goes to new projects. On top of that, IT budgets keep shrinking year after year. This creates a big challenge in funding large initiatives like BPM...
Beauty Ain't Necessarily in the Eye of the Beholder
Posted over 5 years ago by cisg, 1 comment
There's a truism that says, "beauty is in the eye of the beholder." I'm here to tell you that that's not precisely the case; that the quality of beauty is not subjective. Beauty is clearly definable, and universally understandable...
Doing What You Want, Not What You Have To!
Posted over 5 years ago by cisg, 1 comment
Birm here..... As I go about my daily routine, I talk a lot with people directly involved in software design and development. It’s become clear that, based on their training and experience, each person has a different take on what constitutes “user...
Designing Whole Systems
Posted over 5 years ago by cisg, 1 comment
Hi Dennis Groves here...... Recently I was questioned over a comment I made about a USB key being functionally equivalent to a Smart Card in a discussion about BitLocker. I of course do understand that they are technically not equivalent. Smart cards...
There's a LOT More to Building Security Software than Software Security
Posted over 5 years ago by cisg, 0 comments
Mark Curphey here..... I often get asked exactly what I do for a living at Microsoft. Many people associate my name with OWASP, my personal blog and software security in general. When I say I am a PUM (Product Unit Manager) and run a team that...
How Do You Get from Theoretical Physics to Information Security?
Posted over 5 years ago by cisg, 1 comment
Hi Andreas Fuchsberger here..... and no, this is not a new Seinfeld commercial! The much anticipated and televised switch-on of the Large Hadron Collider (LHC) at CERN made me realise again how little we know about life and how much there is still for...
It’s All About the Persona(s)
Posted over 5 years ago by cisg, 1 comment
Birm here… Has this ever happened to you? It’s happened to me. You sit down to write an application that looks great and works even better. The UI you’ve designed is a model of esthetics and efficiency. You’ve demo’d it to...