In my last post (Session Fixation & Forms Authentication Token Termination in ASP.NET), I talked about ways to mitigate two types of...
Archive for 2013
Session Fixation & Forms Authentication Token Termination in ASP.NET
ASP.NET applications commonly have one or more vulnerabilities associated with the use of ASP.NET_SessionId cookies and forms authenticati...
Burp Suite Plugin: WCF Binary SOAP Scanner Insertion Point
In a previous post, I showed how the Burp Suite API can be used to view and modify WCF Binary SOAP messages to assist with manual testin...
Non-Negotiable Elements of a Secure Software Development Process: Part 3 - Validation Criteria
In September, I gave a presentation focused on helping quality assurance professionals understand how they fit into a secure software devel...
Burp Suite Plugin: View and Modify WCF Binary SOAP Messages
Microsoft’s WCF Web Services have a binary encoded SOAP messaging mode available that Silverlight, WPF, and other thick client applicati...
Practical Analysis of New Password Cracker
Just before the holidays, I saw a press release regarding some state-of-the-art hash cracking hardware and the headlines made it sound li...
Non-Negotiable Elements of a Secure Software Development Process: Part 2 - Secure Architecture, Configuration, and Coding Patterns
In September, I gave a presentation focused on helping quality assurance professionals understand how they fit into a secure software deve...
New Burp Suite (>= 1.5.01) Extensibility and an Example Editor Tab Plugin
Burp Suite has a new extensibility API! In December, I wrote a plugin that uses the new API to speed up a security assessment of a Silver...
Non-Negotiable Elements of a Secure Software Development Process: Part 1 - Security Requirements
In September, I gave a presentation focused on helping quality assurance professionals understand how they fit into a secure software devel...