Welcome to MSDN Blogs Sign in | Join | Help

January 2008 - Posts

Catch the security flaw #1

I will be from time to time, putting up flawed code as an open question on this blog. Those who can catch the flaw please do post about it in the comments section (preferably with the repro steps). After a few days, I will post the flaw and its countermeasure. Read More...
Posted Wednesday, January 23, 2008 11:47 AM by Varun Sharma | 4 Comments

Common Authorization flaw in Web Applications: Why disabling buttons (or other controls) is not enough?

I have seen quite a few web applications that rely on disabling controls for authorization. Consider this code:- The scenario may be that the page has to be displayed in a read-only manner for certain roles, or after submission of some details but prior Read More...
Posted Tuesday, January 22, 2008 8:24 PM by Varun Sharma | 2 Comments
Filed under:
 
Page view tracker