Secure Programming Exercises


.NET Configuration Management and Secure Code Review

When a runtime or design-time error occurs in an application, ASP.NET shows a default error page that gives a brief description of the error along with the line number on which the error occurred. A developer would want to view this default error page during the testing of the application since the description helps him [...]

September 17th, 2014|Categories: .NET Configuration Management and Secure Code Review, Secure Programming Exercises

.NET Secure File Handling

The files that are stored in subdirectories are vulnerable to path traversal attacks. Extract the file name from the input, and use the Path class to limit files to a particular directory. Implement the classes available in the System.IO namespace to secure files [...]

September 17th, 2014|Categories: .NET Secure File Handling, Secure Programming Exercises

.NET Error Handling, Auditing, and Logging

Printing exception messages using StackTrace is not secure, since it may give detailed information about the exceptions that occurred, which helps an attacker determine loopholes and security flaws in an application. Instead of using StackTrace, it is better to use Message to print error messages. The correct way of handling [...]

September 17th, 2014|Categories: .NET Error Handling, Auditing, and Logging, Secure Programming Exercises

.NET Cryptography

Symmetric key algorithms are a class of cryptographic algorithms that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more [...]

September 17th, 2014|Categories: .NET Cryptography, Secure Programming Exercises

Secure Session and State Management

In this lab you will assign a shorter time period to session expiry in the roleManager and SessionState elements of Web.config to protect session values from being stolen by attackers. Secure Session and State Management contains the [...]

September 17th, 2014|Categories: Secure Programming Exercises, Secure Session and State Management

.NET Authentication and Authorization

The forms authentication ticket is used to tell the ASP.NET application who you are. Thus, the ticket is the building block of Forms Authentication's security. The ticket is encrypted and signed using the "machineKey" configuration element of the server's Machine.config file. ASP.NET 2.0 uses the decryptionKey and the new decryption attribute of the machineKey element [...]

September 17th, 2014|Categories: .NET Authentication and Authorization, Secure Programming Exercises

Input Validation and Output Encoding

There are two approaches to performing input validation: client-side input validation and server-side input validation. Client-side Input Validation: The client-side script for input validation executes at the client side, validates the input data from the user, and sends the validated data to the server for further processing. Server-side Input Validation: The server-side script for [...]

September 17th, 2014|Categories: Input Validation and Output Encoding, Secure Programming Exercises

Secure Programming Exercises

Secure Programming Exercises are available as part of the following subscription: Each subscription provides 6 months of access to 68 different exercises. Each exercise contains a Scenario, Objectives, and individual step-by-step tasks to guide the user through all steps necessary to complete the exercise. The Secure Programming Exercises are designed to give the user [...]

September 3rd, 2014|Categories: Secure Programming Exercises