Browse by Tags
-
Thanks to those of you who attended my talks last week in London. The ASP.NET Attack and Defence talk covered SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). The first two have downloadable demos and labs as part of...
-
From Coding Horror, originally from CWE/SANS, this is a list that every developer should review from time to time. If you work on software in any capacity, at least skim this list. I encourage you to click through for greater detail on anything you're...
-
It's a bit of a pain to create self-signed certs using MAKECERT. So here's a GUI-based tool that uses a combination of the .NET Framework and the CryptoAPI to create self-signed X.509 certificates. And it's factored so that you can use the...
-
Over the last couple of years, I've worked on websites that support both HTTP and HTTPS, and it's always tricky to find a balance between security and usability. Dominick wrote an excellent article about this a while back, suggesting that allowing...
-
The other day I was working on a website that uses ASP.NET health monitoring to log unhandled exceptions. This system sends email to the devs when exceptions occur so that they can track down the problem. Their website is constantly getting better as...
-
Chris Sells used to poke fun at me when we worked together in my former life. He used to call my security class "Essential Access Denied". His point was a good one: when they aren't applied carefully, security countermeasures often just...
-
I've been rather dark over the last couple of months as I helped to finish up Pluralsight's online training offering, Pluralsight On-Demand. I'm psyched that we finally shipped! Be sure to check it out soon (you can preview bits of each course...
-
Executive summary: ValidationSummary controls look at the ErrorMessage field to figure out what to display, so always use ErrorMessage in a verbose enough way that it will be helpful from a ValidationSummary control. If you need a shorter message to display...
-
I just spent about 15 minutes debugging a problem where a document was getting unexpected nulls where empty strings should have been. Indeed controls like the TextBox have code in them that allows you to set the Text property to null and the TextBox will...
-
(Updated 9 Oct 2008: replaced my custom MemoryStream.CopyUpToSeekPointer() extension method with MemoryStream.ToArray(), a built-in method on MemoryStream that I overlooked and should have been using.) It's surprising that XmlDocument isn't marked...
-
Two way data binding in ASP.NET is easy, just use the Bind expression and data will flow between your web controls and your data source flawlessly. Until that is, you try to use a format string: Bind("AmountCharged", "{0:C}") While...
-
This is the third post in a series. The first post described the problem: ASP.NET wasn't reporting inner exception stack traces. The second post described my solution. This post shows the code I used to solve the problem: a custom email provider for...
-
In my last post, I commented on how ASP.NET health monitoring doesn't output stack traces for inner exceptions, which can be problematic due to its heavy reliance on reflection. I spent the morning doing some further spelunking with reflector, and...
-
This can be a problem, especially when an ObjectDataSource starts throwing exceptions. The stack trace looks the same because of the way the methods are invoked (via reflection) - you end up with a stack trace for a TargetInvocationException, which basically...
-
I've been building some internal pages for our sales team here at Pluralsight, and many of those pages make use of the ASP.NET GridView control to display rectangular data. It's generally a really easy to use control, but I've always struggled...