Estimated reading time: 16 minutes

Input Validation: The Good, The Bad, and the What the Hell are you Doing?

Pop quiz: How many of you do proper input validation in your ASP.NET site, WebForms, MVC, or otherwise?

Some Background

There is an axiom in computer science: never trust user input because it’s guaranteed to contain invalid data at some point. In security we have a similar axiom: never trust user input because it’s guaranteed to contain invalid data at some point, and your code is bound to contain a security vulnerability somewhere, somehow. Granted, it doesn’t flow as well as the former, but the point still stands. The solution to this problem is conceptually simple: validate, validate, validate. Every…

Estimated reading time: 13 minutes

The Importance of Elevating Privilege

The biggest detractor to Single Sign On is the same thing that makes it so appealing – you only need to prove your identity once. This scares the hell out of some people because if you can compromise a user’s session in one application it’s possible to affect other applications. Congratulations: checking your Facebook profile just caused your online store to delete all its orders. Let’s break that attack down a little. You just signed into Facebook and checked your [insert something to check here] from some friend. That contained a link to something malicious. You click the link, and…

Estimated reading time: 1 minute

Talking about Security Article Series

Over on the Canadian Solution Developer’s blog I have a series on the basics of writing secure applications. It’s a bit of an introduction to all the things we should know in order to write software that doesn’t contain too many vulnerabilities. Obviously it’s not a series on everything you need to know about security, but hopefully it’s a starting point. My goal is to get people to at least start talking about security in their applications. This is the series:

Part 1: Development Security Basics
Part 2: Vulnerability Deep Dive
Part 3: Secure Design and Analysis in Visual Studio…