Contents tagged with ASP(x)
-
Security update released for ASP.NET Padding Oracle Vulnerability
Microsoft has just released security bulletin MS10-070 with security updates for the issue. The updates are currently on Microsoft Download Center, but will be available through all other channels soon.
-
Update 1: ASP.NET Zero Day Vulnerability - Padding Oracle Exploit
ScottGu has posted some additional FAQs at http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx
-
ASP.NET zero day vulnerability - Padding Oracle exploit
An ASP.NET cryptographic zero day was publicly disclosed today.
-
SQL Injection Demo
SQL injection seems to have faded from prominence lately and has become just a buzzword. To make things a little more real, I put together a quick demo for it, to demonstrate that you don't necessarily have to go out of your way to make your web application exploitable.
-
Filtering SQL injection from Classic ASP
SQL injection may be over a decade old, but even the best of us need a reminder once in a while. You should always validate input to your applications! There isn’t a ‘one size fits all’ solution to sanitizing input, so I will attempt to show what a general solution might look like for classic ASP (using VBScript). Remember, you need to keep in mind the specifics of your web application and add/remove things in the sample accordingly. Even though I am focusing on SQL injection here, input validation is also needed to prevent cross-site scripting attacks, among others. Check this article on how to prevent XSS to give you an idea of other sorts of validation that would need to be done on user input to secure a web application. If you are looking for something for ASP.NET, check out this post from Stefan on the ASP.NET team.