Web Development


» Web Application Security: Don't Bolt It On; Build It In
by Caleb Sima | Published 06/12/2008
In light of breaches in Web application security worldwide, it is necessary to catch potential areas for intrusion at the beginning. Performing application vulnerability testing during production (and not after a breach has been detected) can save a company thousands of dollars. The only way to ensure the highest level of security is to build it in from the outset.
» What You Need to Know about PCI Compliance and Web Application Security Policy Changes
by Michael Sutton | Published 03/28/2008
PCI compliance exists to protect consumers from credit fraud, and their data will be protected if rules are followed. If your business accepts credit cards, you are aware of changes to PCI compliance in June. Adherence to section 6.6 of the PCI compliance rules should have been met; if not, web application security must be integrated into existing applications. This mandate allows businesses to evaluate their security practices.
» Rich Internet Applications: Has Microsoft Finally Seen the (Silver) Light?
by Charlie Fink | Published 01/11/2008
In response to other frameworks for rich Internet applications, Microsoft has introduced Silverlight. Microsoft Silverlight offers both similarities and differences to other options, including Adobe Flex and AJAX-based frameworks. Learn more about the major players creating frameworks for rich Internet applications, what the benefits and disadvantages are for each, and what Microsoft has to bring to the table.
» Effective Controls for Attaining Continuous Application Security Throughout the Web Application Development Life Cycle
by Caleb Sima | Published 09/28/2007

Improving your Web application development process is one of the best ways to avoid security vulnerabilities and nasty surprises during security assessments. Learn about the points in the software development life cycle where additional security awareness and training is needed to ensure that your organization remains successful and secure.

» Ruby on Rails Proves It Deserves the Hype
by Francis Wong | Published 09/18/2007

The Ruby programming language and Rails framework have both been around for a few years, but the two technologies have recently been combined to create a new development environment. This new environment, dubbed Ruby on Rails, has simplified web application development. Learn how it can improve programming productivity at your organization.

» Implementing Effective Vulnerability Remediation Strategies Within the Web Application Development Lifecycle
by Caleb Sima | Published 08/02/2007

After a security assessment has been performed as part of the web application development lifecycle, it is important to understand how to address and fix any application vulnerabilities that are uncovered. Learn more about the steps that should be taken during the remediation process, from categorization to testing and validation, and find out why collaboration among developers is critical for success.

» Using Ajax for Web Application Development: What Businesses Need to Know
by Francis Wong | Published 07/31/2007

Ajax is a hot topic today when it comes to web application development projects. Because it's become such a buzzword, businesses may be wondering how they can incorporate this form of web programming into their websites and what the benefits could be. This article will help you understand the origins of Ajax as well as the pros and cons of its use.

» Web Application Vulnerability Assessment Essentials: Your First Step to a Highly Secure Web Site
by Caleb Sima | Published 06/21/2007

It is important for a business to understand the fundamentals of running a vulnerability assessment in order to determine how one will be run and what can be expected from the results. A web application security scanner can automate the process, but a quality assessment may still require actual human eyes to catch specific issues. Learn more about the whys and hows of vulnerability assessments.

» Service-Oriented Architecture: What Is It and How Can It Help Your Business?
by Charlie Fink | Published 04/12/2007
Service-oriented architecture is a hot topic in today's business world, and it can provide many key benefits. It is important to look at service-oriented architectures from both a real-world perspective as well as a technical perspective to gain a complete understanding of this new concept. Read more about service-oriented architecture and learn how it can add functionality to Web-based applications and save developers time over the long term.
» Interpreting the Results of a Vulnerability Assessment: How to Focus on What's Important in Your Web Application Security Testing
by Caleb Sima | Published 03/07/2007
The results of an extensive vulnerability assessment of a Web application can appear extensive on first review. However, it is important to understand that many Web application security holes found by such an assessment may in fact not matter to an organization's specific situation. Learn more about how to weed through such findings to establish which need to be addressed and which are in fact not urgent.
» Asking the Right Question: Penetration Testing vs. Vulnerability Analysis Tools, Which Is Best?
by Dennis Hurst | Published 02/27/2007

Lately, many people have been asking what is more important: using vulnerability analysis tools to assess web-based applications or instead focusing on penetration testing. The fact is that both are important and that a combination approach can prove to be more valuable. Learn more about how the web application security industry has evolved and what needs to be done to ensure the security of applications.
» Preventing a Brute Force or Dictionary Attack: How to Keep the Brutes Away from Your Loot
by Bryan Sullivan | Published 01/10/2007
A brute force attack, also known as a dictionary attack, is one of the more uncomplicated attacks available to a hacker. However, the odds of this type of attack succeeding can be very high if a site is not configured properly. Learn more about what can be done to defend a site against a brute force attack - including implementing incremental delays and carefully wording error messages - and which defensive strategies don't work.
» Malicious Code Injection: It’s Not Just for SQL Anymore
by Bryan Sullivan | Published 11/11/2006

While many developers are aware of the threats posed by malicious code, and by SQL injection attacks in particular, there are other forms of code injection that are equally dangerous. Learn more about XPath injection, LDAP injection, and command execution injection and view examples of each type of attack. In addition, learn why many preventative actions that are commonly suggested to developers are not helpful, and discover how the creation of whitelists and blacklists can help to protect an application from malicious code injection attacks.

This article has been written by Bryan Sullivan, who is a development manager at SPI Dynamics, a Web application security products company. 

» Testing for Security in the Age of Ajax Programming
by Bryan Sullivan | Published 10/13/2006

Ajax programming, which allows a web page to refresh a small portion of its data from a web server, is an exciting technology that has recently been introduced. However, this type of programming can also leave applications open to SQL injection and similar attacks. It is important for the developer to test the application thoroughly for vulnerabilities before passing it on to the QA department. And the QA engineer needs to learn to "think like a hacker." Learn more about securing your website's Ajax programming.

This article has been written by Bryan Sullivan, who is a development manager at SPI Dynamics, a Web application security products company.
» Application Error Handling: How to Avoid Death by a Thousand Cuts
by Bryan Sullivan | Published 09/01/2006
Conscientious developers often want to help the end user when an application error occurs by creating a message to be displayed that contains detailed information. However, if developers are overly helpful with their error handling approach, they can wind up giving up critical information to an attacker. Learn about the best practices that should be followed when creating error messages, including important guidelines that should be taken into consideration.
» Beyond Stored Procedures: Defense-in-Depth Against SQL Injection
by Bryan Sullivan | Published 07/17/2006

Unless you are certain that you have taken the right steps to counter SQL Injection attacks, you may be more vulnerable than you think.

This article has been written by Bryan Sullivan, who is a development manager at SPI Dynamics, a Web application security products company.
» Web Application Security and Sarbanes-Oxley Compliance
by Caleb Sima | Published 02/01/2006

An important issue facing companies today is Sarbanes-Oxley compliance, but, as the U.S. Sarbanes-Oxley Act of 2002 (SOX) is relatively new, the implementation of the regulation has not been fully established. The requirements of SOX compliance focus on establishing a system of checks and balances for corporate financial reporting and are designed to hold executives, accountants, and auditors of public corporations to higher standards.

» Security Risk Assessment and Management in Web Application Security
by Caleb Sima | Published 12/16/2005

Security risk assessment and security risk management have become vital tasks for security officers and IT managers. This article looks at some of the issues.

» Using ASP.NET DataGrid Web Server Control
by Misha Zhutov | Published 11/03/2005

It would be hard to find a web developer who doesn’t need to use a DataGrid. This control is ideal for data presentation. Besides the visualization, it provides a powerful set of possibilities to edit, delete, add and update data. ASP.NET includes a well designed, powerful DataGrid Web Server Control which makes the life of web developers easier. I remember the time when we had to implement the grid's functionality manually in classic ASP. And although a lot of time has passed since ASP.NET was first released and a lot of information exists on the web, there are still quite a few questions asked on forums about DataGrid features. In this article I will demonstrate some DataGrid features such as editing, updating, deleting, sorting, paging, etc. which are quite often used by many web developers.
» Locking the Door Behind You: Hacker Protection for Your Web Applications
by Caleb Sima | Published 10/16/2005

Your Web applications can be the most important and most vulnerable entry point into your organization, and, as such, ensuring adequate hacker protection in your Web applications can be critical. A Web application not only includes the code that creates your Web site, but also the architectural components necessary to make a Web site available and useful to the public – both of which can make a Web site vulnerable to attacks like SQL injection or cross site scripting (XSS). When considering hacker protection for your Web applications, you must account for all the components that work together to create a Web site, not just the visible face presented to the world at large.

» The Latest in Internet Attacks: Web Application Worms
by Caleb Sima | Published 09/07/2005
By now, most companies recognize that network security is an important aspect of daily operations, but few realize how quickly new methods of Internet attacks are being invented. While organizations rush to develop their security policies and implement even a basic security foundation, the professional hacker continues to find new ways to attack by modifying old Internet worms, Trojans, and viruses, or creating completely new ones. Recently, the attention of these hackers has reverted to Internet attacks targeted at the application layer, which can include either shrink-wrapped or custom applications. This layer is commonly the least protected layer of an organization's network. Industry experts estimate that three-fourths of the successful attacks targeting corporate networks are perpetrated via the application layer. Considering the nature of Web applications that allow access to internal and external audiences, these Internet attacks can pose a serious threat to an organization's back-end data without the organization's knowledge...
» Paranoia: Cross Site Scripting
by Tiberius OsBurn | Published 03/27/2003
They're watching you - you know that? They've been scoping out your site for quite some time, looking at ways to screw with you and your site. All right, you think your code is secure, eh? Got the latest handy-dandy encryption on your stuff, all up to snuff on your patches and service packs. But you know what? You're making a critical blunder on your site, and you might not even know it. If you're taking information passed in on a Querystring and then you Response.Write it out on the page, uh-oh brother, you've got problems... You're ripe for the picking with Cross Site Scripting. Unless you already know where I'm going with this, read on.
» The Low Down on ASP.NET DropDownList Control
by Guest Author | Published 01/10/2003
Whenever I see a DropDownList control, my brain says "Yes! That is a ComboBox!" That's because I've been programming in Visual Basic 6.0 for too long. VB6 has something called a ComboBox. It was given that name because it could be used in different ways. That was way cool but whenever I had to write a help file or explain an application to a customer, I couldn't use the term "ComboBox" without them wrinkling their brow and frowning at me. The "combo" aspect of the control never made sense to users, only programmers. So I started calling it a drop-down list. That made more sense to the customer. No more wrinkled brows. No more frowns. (But sometimes in the middle of the night I would quietly whisper ... "ComboBox! ComboBox!").
» Detecting a Client's screen resolution in ASP.NET
by Serge Baranovsky | Published 12/08/2002
While there is no "native" way to determine the client browser's screen resolution in the .NET Framework, your ASP.NET application can still retrieve this information using a little client-side JavaScript trick.
» Searching an XML Document Using a DataSet and DataView
by Chris Scott | Published 10/23/2002
Sometimes you need the basic features of a database but don't want the hassle, and possibly cost, of creating one for a small application. With the .NET DataSet object and a simple XML document we can emulate the basic features of a database.
» Form Authentication in ASP.NET using XML
by Guest Author | Published 10/12/2002
In ASP.NET, most of the tedious work of writing an authentication form has been taken out. This example shows how to create an ASP.NET Authentication Form using an XML file for storing user information instead of a Microsoft SQL Server or Microsoft Access database.
» Content Thieves
by Tiberius OsBurn | Published 10/06/2002
Someone's been stealing your content. Really. It's easy to do, too. I'm talking about all the fancy jpgs, docs and pdfs on your site. Guess what? If I can hit them with a URL, they're mine. Don't like it? Too bad. If you have a default page, I can set up a spider to snake out all of your content in a couple of minutes. Google has been doing it for quite a while - they finger your site, snatch out all of your graphics and your entire HTML. So, what's the solution? Enter the HttpHandler.
» Security Smack Down
by Tiberius OsBurn | Published 09/27/2002
Security has always been a 'problem' with IIS, mostly because of the lackadaisical work habits of system administrators... I'll walk you through some of the easiest ways to lock down a machine and fix some of the snags that you might encounter when deploying an ASP.NET application. First Rule: If you don't know what you're doing, don't do it. Second Rule: Make sure you plug those holes that would make the "little Dutch boy" blush.
» Screen Scraping
by Tiberius OsBurn | Published 09/08/2002
Not too long ago, if you wanted some particular information off of a particular web site, you'd have to snake the HTML off a page and incorporate it into yours. Whether you did that manually via cut and paste or with a homegrown process was up to you - usually it involved some pain and misery to get it right. I'm going to show you how to do a little constructive scraping in order to put more content out on the web.
» Encrypting QueryStrings with .NET
by Tiberius OsBurn | Published 09/04/2002
Once upon a time in the tech world, obscurity was security - this being most true in the early years of the industry, when there were gaping holes in privacy policies and confidential client information was bandied about from site to site without a care as to who actually could read the information. With the new Cryptography classes in .NET, there's absolutely no excuse for not hiding even the most innocuous user data.