-
This is sometimes a real CPU hog…ccmexec.exe and inventory.exe – what are they and what do they do?
-
Some useful tidbits…SciTE Quick-Reference Cheat Sheet.
-
Microsoft has identified several tools to assist administrators. These tools cover detection, defense, and identification of code that may be exploitable by an attacker.
-
…You can also find useful ASP.NET security information from this security blog post of mine, and from my ASP.NET Tips/Tricks page here.
-
Request validation is enabled by ASP.NET by default. You can see the following default setting in the Machine.config.comments file.
<pages validateRequest="true" … />
Confirm that you have not disabled request validation by overriding the default settings in your server's Machine.config file or your application's Web.config file.
-
To counter SQL injection attacks, you need to:
* Constrain and sanitize input data. Check for known good data by validating for type, length, format, and range.
* Use type-safe SQL parameters for data access. You can use these parameters with stored procedures or dynamically constructed SQL command strings.
* Use an account that has restricted permissions in the database. Ideally, you should only grant execute permissions to selected stored procedures in the database and provide no direct table access.
* Avoid disclosing database error information. In the event of database errors, make sure you do not disclose detailed error messages to the user.
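The four countermeasures above combined in one ADO.NET data-access helper, as an added example that is not code from the original page. The procedure name `dbo.GetCustomerByCode`, the parameter `@CustomerCode`, the six-character code format and the class name are hypothetical, and the connection string is assumed to use a login that has only EXECUTE permission on that procedure.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class CustomerLookup
{
    // Assumed format for illustration: two letters then four digits, e.g. "AB1234".
    static readonly Regex CodeFormat = new Regex(@"\A[A-Z]{2}[0-9]{4}\z");
    // Constrain input: accept only known good values (type, length, format).
    public static bool IsValidCode(string code) => code != null && CodeFormat.IsMatch(code);
    // Type-safe parameter: the value is bound as NChar(6) data, never spliced into SQL text.
    public static SqlCommand BuildCommand(SqlConnection conn, string code)
    {
        if (!IsValidCode(code))
            throw new ArgumentException("Invalid customer code.", nameof(code));
        var cmd = new SqlCommand("dbo.GetCustomerByCode", conn); // hypothetical procedure
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@CustomerCode", SqlDbType.NChar, 6).Value = code;
        return cmd;
    }
    // Returns the customer name, or null when there is no match or the database fails.
    public static string FindName(string connectionString, string code)
    {
        try
        {
            using (var conn = new SqlConnection(connectionString))
            using (var cmd = BuildCommand(conn, code))
            {
                conn.Open();
                return cmd.ExecuteScalar() as string;
            }
        }
        catch (SqlException ex)
        {
            // Keep the detail server-side; the caller shows only a generic message.
            Console.Error.WriteLine("Database error " + ex.Number);
            return null;
        }
    }

    static void Main()
    {
        // Constructed sample inputs; this check runs without contacting a database.
        foreach (var s in new[] { "AB1234", "AB1234' OR '1'='1", "ab12" })
            Console.WriteLine($"{s} -> {(IsValidCode(s) ? "accepted" : "rejected")}");
    }
}
```

Even if the format check were loosened, the bound parameter would still keep a quote character in the input from changing the statement; the validation and the parameter are independent layers.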
-
…If you are interested in experiencing blacksmithing for yourself, the Artist-Blacksmith Association of North America is a great resource. A comprehensive list of educational resources is available on their Web site including shops and schools offering classes. You will get dirty and hot, but soon you’ll be hearing the ring of the anvil and learning a useful skill that can last a lifetime.