In the next installment of my security series, I’ll tackle SQL injection. In true code-reuse fashion, I’ll provide a couple of links that do a great job of explaining some misconceptions about SQL injection and how to protect your application. First, here’s a link to a post on Glen Gordon’s blog about injection: http://blogs.msdn.com/glengordon/archive/2008/04/15/some-sql-injection-attack-misperceptions-and-reality.aspx. [...]

Continue reading about Getting Serious About Security – Part 3 – SQL Injection

Cross-site scripting can be a tough vulnerability to eliminate, but it doesn’t necessarily have to be. If you’re working on an ASP.NET project, the Microsoft Anti-XSS library is easy to use and freely available. Like a lot of developers, I’ve rolled my own anti-XSS by escaping specific characters, but it’s usually clunky and let’s [...]

Continue reading about Getting Serious About Security – Part 2 – XSS

Tim on April 9th, 2008

Well, my highly publicized conversion to Linux is sort of over. I’ve still got Ubuntu installed on my secondary notebook, but I went back to WinXP on my primary notebook. There are some things I want to do, and it’s just a whole lot easier to use Windows (primarily work with videos of my daughter [...]

Continue reading about The Experiment is over. Sort of.