Saturday, 16 March 2013

Where to have AppSec Q&A threads (what about Reddit?)

Note: I wrote this a while back but somehow it was stuck in my 'Drafts' folder (but the question is still relevant in March 2013)


So it looks like StackExchange Security is not going to work for WebAppSec and OWASP (since this question is exactly the type of question we would like to see there: How to implement url encryption on .xsl page using OWASP ESAPI?, and it has been closed). That said, there are a couple of good Q&As on the OWASP tag: http://security.stackexchange.com/questions/tagged/owasp

Friday, 15 March 2013

Putting O2 content on Google Code's wiki (just like ZAP)

I really like what Simon is doing with Zap at https://code.google.com/p/zaproxy/wiki/Introduction?tm=6 and I think we should do the same with O2 (I would like to have used the main OWASP wiki, but it's too messy, heavy and lacks the ability to create a side navigation)

It will be at https://code.google.com/p/o2platform/wiki

The idea is that the O2-related blog entries are used for how-to articles, and the wiki pages contain consolidated content and reference links (to those blog entries)

This would give O2 users good kickstarters on particular topics, for example https://code.google.com/p/o2platform/wiki/Browser_Automation :)

If you want to help edit these pages, send me your Google account ID and I'll make you an editor

Writing an IE Automation script to log in to UK’s Wifi (using O2 Platform’s WatiN ExtensionMethods)

Here is an example of how to write an O2 Platform IE Automation script that will log a user in to a wifi connection that needs a username and password.

Open the IE Script tool which you can get from this stand-alone version (see Packaging an O2 Platform Script as a stand alone tool (in this case the WatiN based ‘IE Script’ tool) )

Packaging an O2 Platform Script as a stand alone tool (in this case the WatiN based ‘IE Script’ tool)

If you grab the latest version of the O2 Platform and try to run the IE Script tool


Thursday, 14 March 2013

Creating a new TeamMentor test site using TeamCity, GitHub and Azure

Serge just asked me to create a new TeamMentor (TM) website for him using a particular TM library, so here are the steps I took (note: some of this will be automated in the next TM release)

Problem with (older version of) NGit where it was failing to create Git repositories in Azure/TeamCity

Using an NGit version from a couple months ago.

What happens when ASP.NET is not installed on a Windows 8 server

If you get an error like this:


Manually adding a code-complete reference to the FluentSharp C# REPL editor (using a 'Script the Script' editor)

Let’s say that you are in the C# REPL editor and you want to manually add a dll to be taken into account by the code-complete engine (useful in the 5.1 version of the O2 Platform, which had a bug that prevents some references from loading)

For example, let's say you added the O2_FluentSharp_NGit.dll reference:

Setting up an Apache (httpd) based git server (using an O2 Platform script)

Following the instructions in this blog post, Hosting a Git server under Apache on Windows, and after installing git and apache locally,

I wrote this O2 script:

Really nasty bug created by different behavior of WCF Security Principal in Azure (vs Locally in IIS or Cassini)

A couple of days ago, I spent most of one day 'bashing my head against a brick wall' due to an authorization bug that only happened in Azure!

Here are the rough screenshots I took when I was debugging it (the extra logging entries were added to help me understand what was going on, in Azure and locally)

Catching an Exception in RazorSharp

Here is a cshtml RazorSharp page that shows how to catch an exception (note the multiple mixes of code and HTML)

Tuesday, 12 March 2013

The Email RegEx that (could have) DOSed a site

While I was writing the UnitTests for TeamMentor's NewUser validator (see Validating a POCO DataContract using .NET's DataAnnotations Validator ), I had a weird result in one of the tests.

I basically got a 'never ending execution' scenario on this UnitTest:

Validating a POCO DataContract using .NET's DataAnnotations Validator

In order to make sure that the TeamMentor server only creates users with valid data, here is how I implemented data validation into the NewUser class using .NET's DataContract annotations.

The first step was to add the annotations to the NewUser object, which originally looked like this:

Saturday, 9 March 2013

Adding an Id field to an HTML element using jQuery (to help UnitTesting)

Michael just asked me to add an Html ID attribute to help him with the UnitTesting of TeamMentor:

Is this a safe way to do a .NET server redirect? (and deal with A10: Unvalidated Redirects and Forwards)

The objective is to prevent A10: Unvalidated Redirects and Forwards in TeamMentor (version 3.3 had an issue with it)

Here is the code that does the redirection from user import (LoginReferer parameter):

Friday, 8 March 2013

Why we use Cassini instead of IIS Express

Following the IIS vs Cassini different behaviors on ASP.NET Server.Transfer  post, Barry commented on Twitter that I should use IIS Express instead:

so I decided to try it (which you can read below)

Thursday, 7 March 2013

GitHub.com needs to improve their 'Normal' status definition and error reporting dashboard

At the moment (i.e. when I wrote this post), all should be 'Normal' with GitHub, since according to their status, their world looks like this:

IIS vs Cassini different behaviors on ASP.NET Server.Transfer

Here is the problem.

Opening the page http://localhost:3187/passwordForgot (which is served by Cassini) works OK:

Seeing an NGit Diff by using reflection to access the internal Sharpen.ByteArrayOutputStream Class

I was trying to get the NGit diff output stream, but hit an issue: the Sharpen.ByteArrayOutputStream class is internal

The Power of UnitTests when refactoring code (for example Security Pages)

Following a use-case usability requirement, I just changed the new TeamMentor ’password forgot’ page ...

Viewing the C# MethodStream for a WebMethod

I was debugging an issue with TeamMentor WebServices and created a view that gave me the MethodStreams for all its source code

MethodStreams are virtual files that contain all relevant 'call-flow source-code' for a particular starting method (note: MethodStreams are one of O2’s biggest innovations in the SAST world)

Using Chrome inside a native VisualStudio pane (using Window Handle Hijacking)

To help me debug and visualize an AngularJS page I was developing, I used O2’s Window Handle Hijack technique to insert a Chrome window inside VisualStudio 2010.

Here it is in action: