Call Us Today! 505.341.3228

Secure Programming Exercises

/Secure Programming Exercises

.NET Configuration Management and Secure Code Review

When a runtime or design-time error occurs in an application, ASP.NET shows a default error page that gives a brief description of the error along with the line number on which the error occurred. A developer would want to view this default error page during the testing of the application since the description helps him [...]

September 17th, 2014|Categories: .NET Configuration Management and Secure Code Review, Secure Programming Exercises|Comments Off on .NET Configuration Management and Secure Code Review

.NET Secure File Handling

The files that are stored in subdirectories are vulnerable to path traversal attacks. Extract the file name from the input, and use the Path class to limit files to a particular directory. Implement the classes available in the System.IO namespace to secure files [...]

September 17th, 2014|Categories: .NET Secure File Handling, Secure Programming Exercises|Comments Off on .NET Secure File Handling

.NET Error Handling, Auditing, and Logging

Printing exception messages using StackTrace is not secure since it may give detailed information about exceptions that occurred that help the attacker in determining loopholes and security flaws in an application. Instead of using StackTrace it is better to use œMessage to print error messages. The correct way of handling [...]

September 17th, 2014|Categories: .NET Error Handling, Auditing, and Logging, Secure Programming Exercises|Comments Off on .NET Error Handling, Auditing, and Logging

.NET Cryptography

Symmetric key algorithms are a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of cipher-text. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more [...]

September 17th, 2014|Categories: .NET Cryptography, Secure Programming Exercises|Comments Off on .NET Cryptography

Secure Session and State Management

In this lab you will assign a shorter time period to session expiry in the roleManager and SessionState elements of Web.config to protect session values from being stolen by attackers. Secure Session and State Management Secure Programming Exercises / Secure Session and State Management contains the [...]

September 17th, 2014|Categories: Secure Programming Exercises, Secure Session and State Management|Comments Off on Secure Session and State Management

.NET Authentication and Authorization

The form authentication ticket is used to tell the ASP.NET application who you are. Thus, the ticket is the building block of Forms Authentication's security. The ticket is encrypted and signed using the "machineKey" configuration element of the server's Machine.config file. ASP.NET 2.0 uses the decryptionKey and the new decryption attribute of the machineKey element [...]

September 17th, 2014|Categories: .NET Authentication and Authorization, Secure Programming Exercises|Comments Off on .NET Authentication and Authorization

Input Validation and Output Encoding

There are two approaches to perform input validation; Client-side Input Validation and Server-side Input Validation. Client-side Input Validation: The client-side script for input validation executes at the client side and validates the input data from the user and sends the validated data to the server for further processing. Server-side Input Validation: The server-side script for [...]

September 17th, 2014|Categories: Input Validation and Output Encoding, Secure Programming Exercises|Comments Off on Input Validation and Output Encoding

Secure Programming Exercises

Secure Programming Exercises are available as part of the following subscription: Each subscription provides 6 months of access to 68 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise. The Secure Programming Exercises are designed to give the user [...]

September 3rd, 2014|Categories: Secure Programming Exercises|Comments Off on Secure Programming Exercises