9 blog posts tagged security

May 16, 2015 | Technology | 1 minute

Quality of SSL protection for US financial institutions

Troy Hunt put together a list of top Australian banks and their SSL ratings using the Qualys SSL Server Test, which reveals the somewhat depressing state of SSL security at various banks Down Under.

December 20, 2007 | Development | 2 minutes

Thoughts on awareness of security vulnerabilities & full disclosure

HTML, SQL and XSS injection vulnerabilities aren’t new but they are still largely ignored by developers.

December 18, 2007 | Development | 3 minutes

5 signs your ASP.NET application may be vulnerable to HTML injection

If you don’t encode data when using any of the following methods to output to HTML, your application could be compromised by unexpected HTML turning up in the page and modifying everything from formatting through to capturing and interfering with form data via remote scripts (XSS). Such vulnerabilities are incredibly dangerous.

December 10, 2007 | Technology | 4 minutes

How dangerous is HTML injection?

A few years ago I believed that HTML and SQL injection vulnerabilities were headed for extinction. Thanks to object-relational mapping tools SQL injection continues to die but HTML and script injection vulnerabilities are as popular as ever.

October 28, 2007 | Development | 2 minutes

Security vulnerabilities are not acceptable in sample code

Earlier this week the ASP.NET article of the day linked to 4-Tier Architecture in ASP.NET with C# which I noticed suffered from both HTML and SQL injection. I promptly informed the author and the ASP.NET site (who pulled the link) but the author was rather unconcerned and wrote (after editing my comment):

August 16, 2007 | Development | 1 minute

Web Application Security for Developers presentation

Last night’s Guernsey Software Developers Forum meeting was sparsely attended, with a number of the regular attendees absent. There were, however, two new faces, including Kezzer, who I’d been chatting to on-line for years.

August 15, 2007 | Guernsey | 1 minute

Web Application Security presentation in Guernsey

This presentation is now available on-line.

I will be giving a talk about web application security tonight at the Guernsey Software Developers Forum.

September 16, 2005 | Development | 5 minutes

Avoiding SQL injection

Back in ’98 I was developing an extranet site for a local company when I realized that it would be open for exploit if somebody put single quotes in text fields. It was early in the development cycle so I fixed it and moved on, unable to find out how other people were avoiding the problem.

February 9, 2005 | Technology | 1 minute

Phishing with IDN’s

Currently “hot news” is the fact that Firefox, Mozilla and Safari browsers have been demonstrated as susceptible to a new form of phishing attack.