Channel: Developer Notes


Intro to npm-audit

Our applications rely more and more on external packages to enable quick deployment and ease of development. While these packages help reduce the code we have to write ourselves, it still may present...




Overview of Web Security Policies

A vulnerability was just identified in your website. How would you know? The process for disclosing a vulnerability to an organization is often very difficult for a reporter to identify. Whether you are offering any...


XXE DoS and .Net

XML External Entity (XXE) vulnerabilities can be more than just a risk of remote code execution (RCE), information leakage, or server side request forgery (SSRF). A denial of service (DoS) attack is...


SameSite By Default in 2020?

If you haven't seen, Cross Site Request Forgery (CSRF) is getting a significant protection by default in 2020. Currently, most protections need to be implemented explicitly. While we are seeing some nonces...


Chrome is making some changes… Are you Ready?

Last year, Chrome announced that it was making a change to default cookies to SameSite=Lax if no SameSite attribute is explicitly set. I wrote about this change last year...



Input Validation for Security

Validating input is an important step for reducing risk to our applications. It might not eliminate the risk, and for that reason we should consider what exactly we are doing with input validation....



XmlSecureResolver: XXE in .Net

tl;dr Microsoft .Net 4.5.2 and above protect against XXE by default. It is possible to become vulnerable by explicitly setting an XmlUrlResolver on an XmlDocument. A secure alternative is to use the...

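The tl;dr above describes a default that is easy to undo with one line. The following is an added example, not code from the Developer Notes post: it contrasts an XmlDocument that has an XmlUrlResolver explicitly assigned (the configuration the tl;dr warns about) with a hardened load that keeps XmlResolver null and rejects DTDs through XmlReaderSettings. The XML payload is constructed for the demonstration and the file path in it is illustrative only.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example (not from the original post). Shows why assigning an
// XmlUrlResolver to an XmlDocument reintroduces XXE on .NET Framework 4.5.2+,
// where external entities are otherwise not resolved.
public static class XxeResolverDemo
{
    // Constructed XXE payload: an external general entity pointing at a local
    // file. The path is illustrative; any readable file would do.
    public const string Payload =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE note [ <!ENTITY xxe SYSTEM \"file:///etc/hostname\"> ]>\n" +
        "<note><body>&xxe;</body></note>";

    // Vulnerable form: the explicit resolver is what lets the parser fetch the
    // file and substitute its contents for &xxe;.
    public static string LoadWithUrlResolver(string xml)
    {
        var doc = new XmlDocument();
        doc.XmlResolver = new XmlUrlResolver();   // this one line re-enables XXE
        doc.LoadXml(xml);
        return doc.DocumentElement.InnerText;     // leaked file contents land here
    }

    // Hardened form: leave XmlResolver null (the 4.5.2+ default) and prohibit DTD
    // processing at the reader, so both external entities and entity-expansion
    // DoS payloads are rejected before any node is built.
    public static string LoadHardened(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any DOCTYPE raises XmlException
            XmlResolver = null
        };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            var doc = new XmlDocument { XmlResolver = null };
            doc.Load(reader);
            return doc.DocumentElement.InnerText;
        }
    }

    public static void Main()
    {
        try
        {
            Console.WriteLine("Hardened: " + LoadHardened(Payload));
        }
        catch (XmlException ex)
        {
            // Expected path: the DOCTYPE is refused outright.
            Console.WriteLine("Hardened parser rejected the DOCTYPE: " + ex.Message);
        }

        // Uncomment on a throwaway machine to watch the leak happen:
        // Console.WriteLine("Vulnerable: " + LoadWithUrlResolver(Payload));
    }
}
```

The practical check for a code base is a search for `XmlResolver =` and `new XmlUrlResolver` on XmlDocument, XmlTextReader and XslCompiledTransform call sites; the hardened loader above is the pattern to prefer wherever untrusted XML is parsed, since prohibiting DTDs at the reader closes the DoS case as well as the entity-resolution one.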

What is the difference between encryption and hashing?

Encryption is a reversible process, whereas hashing is one-way only. Data that has been encrypted can be decrypted back to the original value. Data that has been hashed cannot be transformed back to...



Disabling SpellCheck on Sensitive Fields

Do you know what happens when a browser performs spell checking on an input field? Depending on the configuration of the browser, for example with the enhanced spell check feature of Chrome, it may be...




Does ASP:Textbox TextMode Securely Enforce Input Validation?

When building .Net Webform applications, the ASP:Textbox has a TextMode property that you can set. For example, you could indicate that the text should be a number by setting the property below:...
