The security of information systems is a wide area. Its development followed that of information systems, whose development in turn followed advances in hardware. As computers and software have developed real fast: “To put it quite bluntly: as long as there were no machines, programming was no problem at all; when we had a few weak computers, programming became a mild problem, and now we have gigantic computers, programming had become an equally gigantic problem.” [1], so have developed the possibilities for security breaches.
Read the rest of this entry »

• 0 Comments

This paper briefly describes several common classes of coding error generally encountered when auditing web applications running on the Active Server Pages (ASP) platform. The paper is broken down into three broad sections, each of which addresses several common coding problems. The following is a list of the common errors that are discussed in this document, divided into three broad categories. The remainder of the document deals with each of these problems in turn. Any ASP code samples assume that the default language is VBScript, but all of the points apply equally to JavaScript. Equally, all occurrences of the SQL language assume that Microsoft SQL Server is being used as the back – end database.
Read the rest of this entry »

• 0 Comments

What Is Silverlight?
Silverlight is a new Web presentation technology that is created to run on a variety of platforms. It enables the creation of rich, visually stunning and interactive experiences that can run everywhere: within browsers and on multiple devices and desktop operating systems (such as the Apple Macintosh). In consistency with WPF (Windows Presentation Foundation), the presentation technology in Microsoft .NET Framework 3.0 (the Windows programming infrastructure), XAML (eXtensible Application Markup Language) is the foundation of the Silverlight presentation capability.
Read the rest of this entry »

• 0 Comments

Install the following software components on Windows Vista machine with at least 2GB RAM:
1. Visual Studio 2008
2. ASP.NET Extensions preview (http://asp.net/downloads/3.5-extensions/)
3. Silverlight Developer Tools (http://silverlight.net/GetStarted)
a. Silverlight 2 developer runtime
b. Silverlight 2 SDK
c. Silverlight 2 templates for Visual Studio 2008
d. Expression Blend 2 SP1
Read the rest of this entry »

• 0 Comments

The ASP.NET team is delivering a framework for generating Web applications that can take advantage of the latest capabilities in client functionality that fall under the general banner of Asynchronous JavaScript and XML (AJAX) and Rich Interactive Applications (RIA). The new Microsoft ASP.NET AJAX addition to the .NET Framework includes a suite of JavaScript libraries (the Client Framework or Client FX) that are the foundation for creating rich behaviors and control­like functionality in the browser. ASP.NET AJAX also includes a set of a server controls and base classes for extender controls (the Server Framework or Server FX) that provides AJAX programming functionality and experiences for ASP.NET Web developers.
Read the rest of this entry »

• 0 Comments

Microsoft provides a very simple layer between the web interface (asp.net 2.0) and the database. The object they use to perform this is the SqlDataSource. It works very well in many cases. It’s fast, easy to use and great for demonstration of technology and to show how fast you can program database type applications. It falls apart (IMHO) when the application starts getting larger and requiring more customization. It’s also very hard to maintain because at the end of the day, it puts most of what it does in the aspx page itself.
Read the rest of this entry »

• 0 Comments

This How To shows you how to create and configure a custom least-privileged service account to run an ASP.NET Web application. By default, an ASP.NET application on Microsoft Windows Server 2003 and IIS 6.0 runs using the built-in Network Service account. In production environments, you usually run your application using a custom service account. By using a custom service account, you can audit and authorize your application separately from others, and your application is protected from any changes made to the privileges or permissions associated with the Network Service account. To use a custom service account, you must configure the account by running the Aspnet_regiis.exe utility with the -ga switch, and then configure your application to run in a custom application pool that uses the custom account’s identity.
Read the rest of this entry »

• 0 Comments

All of the tutorials we’ve examined so far have used a tiered architecture consisting of presentation, Business Logic, and Data Access layers. The Data Access Layer (DAL) was crafted in the first tutorial (Creating a Data Access Layer) and the Business Logic Layer in the second (Creating a Business Logic Layer). Starting with the Displaying Data With the ObjectDataSource tutorial, we saw how to use ASP.NET 2.0’s new ObjectDataSource control to declaratively interface with the architecture from the presentation layer.
Read the rest of this entry »

• 0 Comments