Geeks With Blogs
DevDevin Security Anything related to security
Black Hat DC 2008 Briefings
Last week I attended the Black Hat DC 2008 Briefings. The following is a list of the presentations I saw, the key concepts discussed, as well as things I found interesting or didn't know.

Summary of Black Hat DC 2008 Briefings

DAY 1 - Web App Track

Preparing for the Cross Site Request Forgery Defense

· A cross site request forgery (CSRF) can be used to force users to submit data to online web applications, sometimes manipulating their local cache or history.
· This vulnerability could make a user ......

Posted On Tuesday, February 26, 2008 12:45 PM

Zero Byte Scripts Still Effective
Many antivirus programs are still susceptible to this evasion technique: Original post: http://blog.didierstevens.c... News article: ......

Posted On Monday, November 12, 2007 8:21 AM

Cryptographic Solutions for .NET Developers: Hashing and Encryption

Here is a pretty good introductory article on crypto in .NET:


Posted On Monday, August 6, 2007 5:28 AM

WCF NetTcpBinding Lessons Learned
I just got done with a long afternoon of implementing a Windows Service to self-host my WCF service. It was a bit trickier than I thought it would be so if I can save you the headache I'll be happy. A good place to start is by reading these two MSDN articles: Next, you'll want to understand these support articles: ......

Posted On Tuesday, June 12, 2007 9:43 PM

Kerberos Authentication Protocol
I was curious to understand Kerberos on a much deeper level so I decided to gather some resources in order to learn what was really going on under the hood: Kerberos Kerberos Explained (Windows Server 2000) Introduction to Kerberos Webcast (Windows Server 2000) Kerberos Auth in ......

Posted On Tuesday, May 29, 2007 11:56 PM

Nice Rootkits Review
This review on rootkits might save you some day:

Posted On Thursday, January 18, 2007 12:59 PM

Asp.Net Anti-Cross Site Scripting Library
For defence in depth, developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from most encoding libraries in that it uses the "principle of inclusions" technique to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and then encoding anything outside this set (invalid characters or potential attacks). The principle of inclusions approach provides a high degree of protection against ......

Posted On Monday, December 11, 2006 11:51 PM

Use SecureString in .NET 2.0 for Confidential Text
SecureString Class

Represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed. This class cannot be inherited.

Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll) ......

Posted On Friday, December 1, 2006 12:28 PM

Database Security Research
David Litchfield has found an interesting new security vulnerability in Oracle databases and also done a comparison on whether Oracle or SQL Server is more secure. Dangling Cursor Snarfing: A New Class of Attack in Oracle - http://securitywatch.eweek.... Which Database is More Secure? Oracle vs. Microsoft - http://www.databasesecurity... ......

Posted On Thursday, November 30, 2006 1:32 PM

SQL Truncation & Injection Attacks
Two useful MSDN security articles on preventing SQL injection attacks... Stop SQL Injection Attacks Before They Stop You: New SQL Truncation Attacks And How To Avoid Them: ......

Posted On Saturday, October 28, 2006 3:37 AM

Copyright © Devin A. Rychetnik