ViewStateUserKey to prevent XSRF (CSRF or cross-site request forgery) in ASP.NET
ViewStateUserKey has been around for many years and is an easy solution to prevent the infamous XSRF or cross-site request forgery class of attack. It’s documented:...
CSIDL – Shell constants, enumerations, and flags
I worked on an application which had a couple of requirements: Allow users access to their local drive content within a defined scope (e.g. either the entire drive, or the My Documents folder only)...
Web Services denial of service attacks – XmlTextReader
Most Web Services I look at are built using the .NET Framework and ASP.NET. Today we’re seeing more with ASP.NET’s AJAX extensions but that’s a different story. Many developers choose to implement SOAP...
Access to .Net System.dll internal functions
Occasionally you will discover a nice class or function you would like to use. I stumbled across [mscorcfg]Microsoft.CLRAdmin.Fusion.AddAssemblytoGac(string strAssembly). Oddly enough there's no way to...
I18N input validation whitelist filter with System.Globalization and...
Maybe you’re building internationalized code and wondering how to build a whitelist filter that will support all the different character sets you're planning to support. If you support more than ten,...
How to apply domain restrictions to a browser plugin (ActiveX or XPCOM)
For Internet Explorer, there's Microsoft's Sitelock. For Mozilla, I'm not sure what there is… In that case, we've been working on some solutions that could hold up cross-browser on a Windows platform....
Visual Studio 2008 CRT bug
I run into this “issue” a lot compiling this open source project or that open source project (winpcap, cygwin, delegate, snort, nmap). It's a fun MACRO problem. I love MACROs. </sarc> Here's what...
Microsoft Releases the sources to the .Net framework
I suppose this is news to a lot of people. http://weblogs.asp.net/scottgu/archive/2008/01/16/net-framework-library-… The easy access to the source should help people. Even if it helps them use someone...
Using ASP.Net session handling with secure sites (set the secure flag)
One of the common problems we see with many web applications is reliance on ASP.Net sessionID without understanding the security ramifications. ASP.Net provides web developers with a powerful means of...
It all comes back to the basics
Recently there has been a lot of talk in the security community about the Flash ActionScript exploit written by Mark Dowd (http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf). I will not go...
Let me see that certificate a little more closely. Part 1 – Validating the...
If you are developing a client to a server service that communicates over SSL such as a Web Service then it is your job to ensure your server is the "real deal" and not some rogue server or...
A Vim plugin for highlighting APIs banned by the Microsoft SDL
I do a lot of programming, so I live in my editor. I use Vim. If you also use Vim then I've got something to share with you: a new syntax plugin that highlights function calls banned by Microsoft's...
Use the Source, Luke!
If there's one thing that I've learned throughout the years as a programmer, it is not always safe to trust the documentation. In fact, there is an old saying, “Use the source, Luke!” When possible,...
On the Importance of Good Developer Documentation
Programmers rely on documentation. It's how we learn to use APIs. Misusing APIs is a leading source of vulnerability. You might think that documentation is a cure to this ailment. Unfortunately, as...
Preventing Security Development Errors: Lessons Learned at Windows Live by...
Casaba had the opportunity to contribute to a new Microsoft paper regarding ASP.NET MVC security. It's online through the SDL pages, and here's the paper's direct link. A short summary of the paper...
Getting Around Conditionally Banned APIs When Using Microsoft’s banned.h...
This code sample makes use of banned.h, a Microsoft-supplied header file that deprecates dangerous CRT functions. Microsoft also poisons these functions on UNIX if you include banned.h there. This is a...
Microsoft CCI Framework for Deobfuscating .Net binaries.
We had an issue recently crop up with an obfuscated .Net binary. I’ve been meaning to spend more time reversing .Net protected binaries so I started looking into it. Unfortunately everything I was reading...
Microsoft CCI Framework for Deobfuscating .Net binaries. (Part 3)
Renaming parts of the assembly. So I promised this last week, but I’ve been busy on a new project. Below is some code that shows renaming of methods. This is a solution to renaming classes within...
X5S V2.0…. it's coming!
So, it’s been a while since we’ve done any public updates to X5S. Over the last year, I’ve improved the algorithm and process significantly. Be on the lookout, it should be released within the next...
Microsoft “Roslyn” based REPL injection.
Microsoft recently released their new Compiler API codename “Roslyn”. If you haven’t checked it out yet you should. Here’s the link: http://msdn.microsoft.com/en-us/roslyn/. I wanted to get my hands a...