Security and the ASP.NET View State

Many of you who work with Microsoft .NET are aware of the View State. For those of you who are just getting started with .NET, please take the time to read the ASP.NET View State Overview on the Microsoft Developer Network (MSDN). While the view state is necessary, it does not come without security concerns; you should understand them and what you can do to mitigate the risks. The view state is a repository in an ASP.NET page that can store values that have to be retained during postback. The page framework uses view state to persist control settings between …

Learning BackTrack 5: The Art Of Penetration Testing

BackTrack is an absolutely amazing Linux-based penetration testing environment that is entirely dedicated to hacking. I must say that you should use common sense when you begin digging into the security tools provided, because the last thing you want to do is break the law and find yourself in trouble. Now, to say that there are many security tools available in BackTrack would be an understatement. In fact, there are so many available that I would never start to list them here. If you wish to see for yourself, simply execute the following within your terminal instance: dpkg --list …

Stop Online Piracy Act And The Future Of Internet Freedom

I thought it was time that I sat down and put to paper, so to speak, my thoughts about the Stop Online Piracy Act (SOPA). Those of you who know me personally know that I am not a fan of SOPA for many of the reasons that other individuals as well as large technology companies have stated. In short, SOPA is entirely too vague and leaves the door open entirely for a nanny state, which I am sure you agree will kill the Internet freedoms we enjoy today. SOPA “explained” by Guardian Opinion Time I must say that there …

Database Security

Databases are the core targets for hackers, and they can be a source of vengeance when it comes to disgruntled employees. In this case, the Human Resources (HR) group has requirements to house data that are used across the corporation from management to the level of employees, which requires numerous security considerations. Traditionally, access control has been performed at the application level within code; however, if a database accounts properly for access control, the value of this level of control begins to take shape. The workflow demonstrated in figure 1 provides the needed foundation to address interfaces, enforcement, and access …

WikiLeaks Lessons Learned

In the end, the distinction that is drawn from WikiLeaks is that this organization in no way resembles traditional or modern-day hackers. In order to back up this assertion, it is important to understand the definition of a hacker, which is a person who illegally gains access to and sometimes tampers with information in a computer system. Traditional Hackers While WikiLeaks had been in existence for some time, they gained notoriety when a United States (US) service member leaked classified Pentagon documents. For this reason, I advocate that the term hacker is not relevant. In fact, it seems the US …
