- This article describes what Cross-site request forgery attacks are and how to mitigate them. Cross-site request forgery (CSRF) is "a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trus...
- The Microsoft Anti-Cross Site Scripting Library (Anti-XSS) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. New features in version 3.1 of the Microsoft Anti-Cross Site Scripting Library incl...
- For over three years I've been using NDepend. In this post I'll describe my thoughts on NDepend. As a freelancer I participate in several projects each year. Their size, quality, and size differ quite a lot, but a few times a year I feel the urge of using ...
- Just found this free ebook on the Red Gate site: This book is for busy programmers who want a succinct and yet readable guide to C# 3.0 and LINQ. C# 3.0 Pocket Reference, written by Joseph and Ben Albahari, tells you exactly what you need to know, without ...
- Last week I published the first stable release of CuttingEdge.Conditions. Download: The CuttingEdge.Conditions library and source code can be downloaded from CodePlex.com. Visit the homepage at conditions.codeplex.com or go directly to the download tab. As y...
- .Net supports two kinds of delegates: Open delegates and closed delegates. When you create a delegate that points to an instance method, the instance that you created it from is stored in the delegate’s Target property. This property is passed ...
- One common question about ASP.Net MVC is how to make a “default” controller. Most websites will have a Home controller with actions like About, FAQ, Privacy, or similar pages. Ordinarily, these actions can only be accessed through URLs like ~/Home...
- CSRF attacks are one of the many security issues that web developers must defend against. Fortunately, ASP.Net MVC makes it easy to defend against CSRF attacks. Simply slap on [ValidateAntiForgeryToken] to every POST action and include ...
- What’s wrong with the following code?
  var names = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
  ...
  if (names.Contains(sqlCommand.ExecuteScalar()))
  This code is intended to check whether the result of a SQL query is contai...
- One common misconception about web security is that protecting important actions with CAPTCHAs can prevent XSS attacks from doing real damage. By preventing malicious code from scripting critical tasks, the idea goes, XSS injections won’...