About Jennifer Hernandez

So far Jennifer Hernandez has created 43 blog entries.

.NET Configuration Management and Secure Code Review

When a runtime or design-time error occurs in an application, ASP.NET shows a default error page that gives a brief description of the error along with the line number on which the error occurred. A developer would want to view this default error page during the testing of the application since the description helps him [...]

September 17th, 2014|Categories: .NET Configuration Management and Secure Code Review, Secure Programming Exercises

.NET Secure File Handling

The files that are stored in subdirectories are vulnerable to path traversal attacks. Extract the file name from the input, and use the Path class to limit files to a particular directory. Implement the classes available in the System.IO namespace to secure files [...]

September 17th, 2014|Categories: .NET Secure File Handling, Secure Programming Exercises

.NET Error Handling, Auditing, and Logging

Printing exception messages using StackTrace is not secure, since it may reveal detailed information about the exceptions that occurred, which helps an attacker identify loopholes and security flaws in an application. Instead of using StackTrace, it is better to use Message to print error messages. The correct way of handling [...]

September 17th, 2014|Categories: .NET Error Handling, Auditing, and Logging, Secure Programming Exercises

.NET Cryptography

Symmetric key algorithms are a class of cryptographic algorithms that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more [...]

September 17th, 2014|Categories: .NET Cryptography, Secure Programming Exercises

Secure Session and State Management

In this lab you will assign a shorter time period to session expiry in the roleManager and SessionState elements of Web.config to protect session values from being stolen by attackers. Secure Programming Exercises / Secure Session and State Management contains the [...]

September 17th, 2014|Categories: Secure Programming Exercises, Secure Session and State Management

.NET Authentication and Authorization

The forms authentication ticket is used to tell the ASP.NET application who you are. Thus, the ticket is the building block of Forms Authentication's security. The ticket is encrypted and signed using the "machineKey" configuration element of the server's Machine.config file. ASP.NET 2.0 uses the decryptionKey and the new decryption attribute of the machineKey element [...]

September 17th, 2014|Categories: .NET Authentication and Authorization, Secure Programming Exercises

Input Validation and Output Encoding

There are two approaches to input validation: client-side input validation and server-side input validation. Client-side Input Validation: The client-side script for input validation executes at the client side, validates the input data from the user, and sends the validated data to the server for further processing. Server-side Input Validation: The server-side script for [...]

September 17th, 2014|Categories: Input Validation and Output Encoding, Secure Programming Exercises

Log Capturing and Event Correlation

Every device on a network generates logs for each action carried out on the network. Capturing and analyzing the log files are important tasks for investigating the security posture of the target network, as they contain information about all the system, device, and user activities that took place within the [...]

September 4th, 2014|Categories: Incident Handling Exercises

Forensics Investigation Using EnCase

EnCase® Forensic solution lets examiners acquire data from a wide variety of devices, unearth potential evidence with disk level forensic analysis, and craft comprehensive reports on their findings, all while maintaining the integrity of their evidence. Computer Forensics Exercises / Forensics [...]

September 4th, 2014|Categories: Forensics Investigation Using EnCase, Incident Handling Exercises

Forensics Investigation Using AccessData FTK

Forensics investigation involves the acquisition, preservation, analysis, and presentation of computer evidence. This type of evidence is fragile in nature and can easily, even inadvertently, be altered, destroyed, or rendered inadmissible as evidence. Computer evidence must be properly obtained, preserved, and analyzed to be accepted as reliable and valid in a court of law. [...]

September 4th, 2014|Categories: Forensics Investigation Using AccessData FTK, Incident Handling Exercises