Radical Development

Technical Without the Technicalities

How To Defend Against Cross Site Scripting With Microsoft .NET 4.5 AntiXss


One of the most common threats to websites is cross-site scripting (XSS), in which a malicious user attempts to load content, such as JavaScript or HTML, into your website. The attack is typically carried out via a form input or query string. XSS can have very nasty results, including content modification or, worse, hijacking of user account information. If you’re asking yourself how you can possibly reduce the likelihood of this threat, the answer is simple: encode, and never trust user input under any circumstance. It is not that all users are attackers, but … Continue reading

.NET Security Inspection Questions


Application security encompasses measures taken throughout the application’s life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application. Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security. The next time you begin a project, stop and ask yourself the following questions. The best way to be successful is to prepare in advance and know what to … Continue reading

Series DropDownList: Cascading DropDownList


This is the second article on the subject of DropDownList. If for any reason you missed the earlier post titled Series DropDownList: Binding XML Data to a DropDownList, I would recommend that you take the time to read that post as well. In part two of this series I will focus on accomplishing cascading selections with your DropDownList. Since the bulk of the work was accomplished in DropDownList: Binding XML Data to a DropDownList, we will pick up from there. Web Form: Here we will incorporate a small change from the previous example. Notice that in this example I have … Continue reading

Series DropDownList: Binding XML Data to a DropDownList


Who doesn’t love XML? Extensible Markup Language (XML) is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards. The design goals of XML emphasize simplicity, generality, and usability over the Internet. It is a textual data format with strong support via Unicode for the languages of the world. Although the design of XML focuses on documents, it is widely used for the representation of arbitrary data structures, … Continue reading

Security and the ASP.NET View State


Many of you who work with Microsoft .NET are aware of the View State; for those of you who are just getting started with .NET, please take the time to read the ASP.NET View State Overview on the Microsoft Developer Network (MSDN). While the view state is necessary, it comes with security concerns that you should understand, along with what you can do to mitigate the risks. The view state is a repository in an ASP.NET page that can store values that have to be retained during postback. The page framework uses view state to persist control settings between … Continue reading

Secure Development Series: Peer Reviews


Stop and consider for a moment: what exactly is the best way to address web application security? If you place yourself in the mindset of a hacker, you may find vulnerabilities that you would otherwise not have noticed. In this article, which is a follow-up to Secure Development Series: Input Validation, I will put forth the topic of peer reviews in the hope that you pause and consider what you can do to harden your applications. Just where do the largest number of vulnerabilities reside? While you may think the network poses the greatest risk and at … Continue reading