Larry Steinle

July 26, 2014

Mixed Authentication

Web sites are usually created for an intranet user or an internet user. This article explains how to create a single site for both intranet and internet usage while retaining the benefit of single sign-on for internal connections without compromising the security of external connections.


June 28, 2014

Big Brother, Little Brother or No Bother?

Filed under: C,Security,VS.Net,Web — Larry Steinle @ 1:07 am

Ever see the message, “Your IP Address has been recorded”? In this article we will review what kind of information a web site can gather about you, why a web site may need this information, and how to get the information using C#.

Web Information

Filed under: C,Security,VS.Net,Web — Larry Steinle @ 1:06 am

An ASP.Net Page provides simple, convenient access to HTTP Context data like Request, Response, Server, QueryString and Cookies, to name a few. While refactoring code to improve reuse, I often find a need to move code from the web page into a reusable class.

September 8, 2013

Coding On a Thread and a Prayer

Filed under: C,Security,VS.Net,Web — Larry Steinle @ 12:28 am

Threading is a powerful concept growing more critical for application development. Modern computers aren’t always faster than computers from even four years ago. Instead, computer manufacturers focus on packing more CPUs into a smaller package with the idea that a workload split across many chips will run an order of magnitude faster than the fastest chip. This performance gain can only be realized when an application is intentionally designed to take advantage of the multiple cores. As you begin working with threads, however, you will quickly realize that you must design your applications on a thread and a prayer!

Today’s article will be a little different from previous articles I have written. Instead of explaining what a thread is and how to use it I will be reviewing the various issues I have encountered while working with multiple threads and how I have resolved those issues. I trust that today’s article will help others who have encountered these same issues while developing multi-threaded applications.


March 14, 2011

Strategies to Reduce the Risk of Code Injection Attacks

Filed under: Security,VS.Net,Web — Larry Steinle @ 12:22 am

In 2007 Symantec reported that 80% of web hacks utilized a variant of the cross-site attack. Hackers use a cross-site attack to run their own code in another website that is trusted by the unsuspecting user. The cross-site attack is a type of code injection attack. In today’s post we will review the various types of code injection attacks and discuss multiple strategies to mitigate the risk of unintentionally becoming the host for the attack or the target of the attack.


March 9, 2011

Argument Validation

Filed under: Security,VS.Net — Larry Steinle @ 9:07 pm

I wanted to take a small break from the Active Directory Data Access Layer to discuss a best practice that should be considered when constructing a code library. The first priority when constructing a reusable code base is the class diagram. The structure of the classes and the names of the methods impact how easily a class library can be implemented. Equally important is careful attention to detail for argument values.


February 20, 2011

Use Regular Expressions to Detect SQL Code Injection

Filed under: RegEx,Security,SQL Server,VS.Net,Web — Larry Steinle @ 12:26 am

To gain unauthorized access to, and possibly control of, another company's information, hackers employ a technique called SQL Code Injection. This simple technique involves entering a SQL statement inside a text box and submitting the request. When the server processes the page it can be tricked into executing the injected code. The best strategy to block SQL Code Injection is to use a stored procedure. For the times when you simply must use inline SQL statements, we will learn how to detect and block SQL Code Injection with the help of a few simple regular expressions.
