[Security] The security craftsman - Part 2

January 3, 2009 - 11:39 CET The next morning I got my first go at a real system for a real customer. One of the company's clients had recently had a successful hacking attempt on one of their systems, and they wanted us to review and fix it.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1074 time(s).

[Security] The security craftsman - Part 1

December 8, 2008 - 21:09 CET Today was a disaster - I really messed it up.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1280 time(s).

[Security] Looking at some SQL injection attacks

November 11, 2008 - 19:21 CET I just posted a new blog entry over at honeynor.no with at analysis of some of the SQL-injection attacks we've seen in Norway lately. Read the full post here: http://www.honeynor.no/2008/11/11/looking-at-some-sql-injection-attacks/[...]

0 comment(s) | Permalink | | This entry has been viewed 862 time(s).

[Security] This week's virus - .doc or .exe?

October 29, 2008 - 08:34 CET This week I have received several samples of a very similar looking malware. It's basically a .zip-file containing a "document". The last version I got was from "Your UPS". The reason I'm writing document with quotes is that it first appears to be a .doc file, but it has an .exe extension at the end after a lot of white space:
[...]

0 comment(s) | Permalink | | This entry has been viewed 1455 time(s).

[Security] Speaker at SecVest#3

September 27, 2008 - 19:09 CEST I attended SecVest in Bergen for the first time this year. It was an interesting experience.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1079 time(s).

[Security] Speaker at JavaZone 08

September 20, 2008 - 12:01 CEST This year I was accepted as a speaker at Javazone here in Oslo. Markus Harboe from mnemonic and I had a presentation about the state of security in norwegian web applications, and what developers and project managers can do about it.
[...]

0 comment(s) | Permalink | | This entry has been viewed 914 time(s).

[.NET] Disabling CRL check for IIS on Windows XP

August 22, 2008 - 13:14 CEST I was trying to figure out how to use client certificates with IIS, but IIS kept complaining with a message of "HTTP 403.13 - Forbidden: Client certificate revoked", even though the certificate was not revoked.
[...]

1 comment(s) | Permalink | | This entry has been viewed 3222 time(s).

[Security] Blackhat USA 2008

August 17, 2008 - 14:53 CEST This year I attended Blackhat USA for the first time, and it was also my first trip to Las Vegas.
[...]

0 comment(s) | Permalink | | This entry has been viewed 764 time(s).

[.NET] LINQ to SQL and SQL Injection

June 19, 2008 - 00:36 CEST The last couple of days I've been attending NDC2008(Norwegian Developer Conference) here in Oslo. Mats Torgersen's talk on LINQ under the covers was quite interesting.
[...]

0 comment(s) | Permalink | | This entry has been viewed 3526 time(s).

[.NET] ActiveDirectoryMembershipProvider does not work with ADAM and user proxies

June 5, 2008 - 09:22 CEST We tried to setup an ADAM in our test environment that is using user proxies against AD. While the ActiveDirectoryMembershipProvider works with normal ADAM user accounts, we could not, however, log in with any of our proxy accounts.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1776 time(s).

< Previous[1 - 10][11 - 20][21 - 30][31 - 40][41 - 50][51 - 60][61 - 70][71 - 80][81 - 90][91 - 100][101 - 101]Next >

About Erlend

I'm a senior consultant at Bekk Consulting AS. This blog is about software development, with a special focus on security.

Follow me on twitter

31.08	[Security] Rails 3.0 and XSS-protection
6.07	[Security] Avoiding NoSQL-injection with MongoDB
27.06	[Security] NOSQL-injection
7.06	[.NET] Microsoft Pex - exploratory testing
18.05	[Security] Security podcasts