IT Security


  • OWASP Top 10 Vulnerabilities

    The OWASP Top Ten is a powerful awareness document for web application security. This article lists the top 10 security risks identified by OWASP in 2013.
  • Knowledge Sharing Eves: Authentication Types & Authentication Systems

    This week it was Kunal who helped us understand more about authentication in general. Read more for details.
  • Secure Mailing

    This application can be used to encrypt a text message using AES encryption and send it to the person whose email address is provided. It could be used as security software by any of us. To decrypt the encrypted text, however, one must have the same application.
  • Test for Desktop User Group Membership with C#

    This article describes a simple approach to determining whether or not a logged-in user is a member of a group within the context of a desktop application. The approach shown relies upon the use of the user's current Windows identity.
  • Encrypt and Decrypt Sensitive Metadata Within Your Config file

    In certain cases, metadata embedded within your configuration file is sensitive. Imagine that you develop an application that uses a database as its data source; all information about this database is located in the configuration file. What if a hacker succeeds in getting into your configuration files and obtains the connection string and other metadata about your database?
  • Security Setting for Excel

    To run the Excel report, security settings are required for the Excel application, because while working with Excel we are going to use some of the classes for manipulating the data inside the file. This article shows how to grant access or rights to those files.
  • Using Symmetric Algorithms to Encrypt Data

    In this article, I will propose a method of encrypting data and storing it using symmetric algorithms, which are, in fact, four integrated classes within the .NET Framework, namely DES, RC2, Rijndael and TripleDES, but I will perform the task using the last two, as they are the most used in real-world cases.
  • Exploring Security in .NET: Part I

    This article highlights some of the key concepts of .NET Security like Code Access Security, Evidence based Security and many more.
  • Database Provider-based ASP.NET Membership Provider

    This article is intended to explore the provider pattern in the context of a membership provider.
  • Developing Secure Web Site with ASP.NET and IIS: Part II

    Authentication is a very important element of developing secure sites. It is the starting point of a secure environment for the protected resources. I have discussed several authentication mechanisms available in ASP.NET and how they join with IIS to provide a secure platform to develop sites in Part I of this article. I will be looking at Form Authentication and how to implement it in several sample web applications.
  • Developing Secure Web Sites with ASP.NET and IIS: Part I

    Developing security for a site is like paying tax. You know it should be done at the end of the financial year, but you keep it for last and sometimes expect you will never have to do it. It is a similar situation when building a web site. There are some web sites available to the general public that can be accessed by anyone. The security for these sites can be minimal or none at all. There are other web sites that publish and hold important information that has to be secured one way or another.
  • .NET SQL Authorization Manager

    .NET SQL Authorization Manager (AzMan x .NET 2.0) allows you to set item-based permissions for Authorization Manager-enabled Microsoft .NET 2.0 applications. Storage resides in an MS SQL Server database and can be administered through a managed MMC 3.0 snap-in.
  • Hash Password Generator

    This visual tool generates the hashed password using either the SHA1 or the MD5 hashing algorithm, depending on the choice you make. It displays the hashed password in a read-only text box and can also copy the hashed password to the clipboard, if you choose, for easy pasting.
  • Cryptography in Microsoft.NET Part III: Digital Certificates

    Part-I and II of this article discussed the basics of cryptography and its applications in real world enterprise solutions. Part-I discussed the nitty-gritty of encryption and its implementation in Microsoft .NET Framework Class Library (FCL). Part-II discussed the hashing and signature algorithms and their implementation in FCL. It also discussed the two common cryptography applications namely digital envelope & digital signature.
  • Cryptography in Microsoft.NET Part I: Encryption

    Microsoft .NET has pre-built solutions to all of these in each application domain, viz., ASP.NET, Web Services, Serviced Components, etc. It enables building secure applications, from simple configuration as in ASP.NET to full-fledged programmable security as in Code Access Security and cryptography.
  • Extracting Modules and Component(RSAParameter) from X509Certificate PublicKey

    In some applications, it might be necessary to extract the modulus and exponent from the X509Certificate PublicKey. X509Certificate.GetPublicKey() returns a byte array that contains the ASN.1 encoding information along with the modulus and exponent, as described in RFC 2459.
  • Understanding How Assert Affects Security

    Assert is a security action that is evaluated at run time. Code Access Permission classes and Permission Sets support a method called Assert. Using the Assert method to control access to resources or actions will allow your code to perform actions that it normally has permission to perform and will allow other callers upstream in the call stack to have access that they would not normally have.
  • Viewing Assembly Permissions

    In this article I will show you how you can view the Code Groups that an assembly belongs to and what permissions belong to the assembly. I will demonstrate the Caspol utility supplied with the .NET SDK.
  • Configuring Publisher Policy File

    Versioning in the Microsoft .NET Framework is managed at the assembly level and is only used when locating strong-named assemblies. By default, the common language runtime loads the assembly whose entire version number matches the version number in the calling assembly's metadata.
  • Simple Captcha with ASP.Net

    A solution to block bots submitting to your database using C#.
  • Code Access Security

    Code Access Security represents a fundamentally different way of controlling access rights to protected resources. Traditionally, permissions such as access to the file system, databases or network were allocated based on characteristics of the user. All processes executed by the user would assume an equivalent set of permissions.
  • Securing Your ASP.NET Web Applications

    Web application security is not just about attackers hacking websites, stealing sensitive information from websites, sending high traffic to websites with denial of service attacks, viruses, worms and Trojan horses. Are these the only problems that we have? The answer is no. There are other problems that are frequently overlooked.
  • Defining Custom Entry Points

    In this article I am going to demonstrate how we can manipulate the IL code to change the behaviour of how a .NET programme executes.
  • Protecting IL Code from unauthorised Disassembling

    Microsoft .NET provides a mechanism whereby code written in VB.NET, C# or any CLS-compliant language generates MSIL (Microsoft Intermediate Language) code, which targets the CLR and executes. This is an excellent mechanism to abstract the high-level code from the underlying hardware.
  • .NET Security in C#

    This article shows how to deny file I/O access if the user running the application does not have administrator privileges.