Welcome to MSDN Blogs Sign in | Join | Help

December 2008 - Posts

catch the security flaw #5 (flaw and its countermeasure)

In my last post , I showed input validation code that uses RegularExpressionValidators improperly. Thanks to Mathew Grabau and Marius Cristian CONSTANTIN for pointing out that the Page’s IsValid property has not been checked before using the input. As Read More...
Posted Monday, December 29, 2008 5:10 AM by Varun Sharma | 1 Comments

Catch the security flaw #5

A lot of web applications use RegularExpressionValidators for performing input validation [1]. Sometimes these validators are not implemented properly, which can lead to potential flaws. See if you can catch the flaw here:- Code for Default.aspx:- 1: Read More...
Posted Monday, December 22, 2008 4:57 AM by Varun Sharma | 5 Comments

Catch the Security Flaw(s) #4

Identify as many security issues as you can with this piece of code:- 1: [WebMethod] 2: public string GetEmpName( string empid) 3: { 4: SqlConnection con = new SqlConnection( "server=.;database=test;uid=sa;pwd=PassW2rd12" ); 5: SqlCommand cmd = new SqlCommand( Read More...
Posted Tuesday, December 02, 2008 2:18 PM by Varun Sharma | 4 Comments
 
Page view tracker