Author: Darnie Graceline

Security in .Net – Creating Secured Applications (Validations)

/ Darnie Graceline / Leave a comment

Hi,

This post is a continuation of my previous post (Security in .Net – What to choose).

Once we have decided on the type of Application its important to know the security measures a developer has to take while developing the application. Developing secured applications starts from the scratch even from the design phase. We have the Security Development Lifecycle (SDL) given by Microsoft http://www.microsoft.com/security/sdl/default.aspx. The Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost.

After you have identified the key security concerns which is the second phase of the SDL ,the developer may have to think about all secured codes which would make the life of an Hacker difficult .

While Creating a Web Form / MVC Application its is important to perform Validation. Validation is a process of getting more appropriate data from the user, but in recent days the term  validation not only applies to getting appropriate data but also preventing our application from Cross Site Scripting Attack and SQlInjection.

We can perform validation on both Client Side and Server Side .

When would you implement a Client Side Validation ?

To have faster performance and to avoid overloading the server with request ,and to prevent the site from Cross Site Scripting and Sql Injection Attacks we perform Client Side Validation using Client Scripting Languages like JavaScript,JQuery ..

When would you implement a Server Side Validation ?

Before performing any database CRUD operations we have to perform a Server Side Validation using some of the well known Server Side Scripting Languages like Asp.Net,Php..

Which is best Client / Server Side Validation ?

The best practice is we have to perform validations on both the side (Client Side and Server Side),by doing this you are one step ahead in securing your web application 🙂

Happy Coding

WEBSITE SECURITY

/ Darnie Graceline / Leave a comment

Hi,

I will start this post with a simple question i.e What is Security ?

Security in software is hardening or tightening the path for hackers. Security has become the major issue in recent days because of Internet applications and cloud based applications. Therefore to enjoy the benefits of cloud computing and web hosting it is necessary to implement security at all levels.

As you may have heard or read ,security can be applied in different levels like

  • OS Level Security
  • Network Security
  • Application Level Security.

Having said that security can be applied on all levels, then what are the possible attacks ?

  • Operating system Attacks
  • Application level Attacks
  • Shrink Wrap code Attacks
  • Misconfiguration Attacks

In this post we are mainly going to see the Application vulnerabilities (Application Level Attacks) and the measures of creating a secured application :

OKie  before going into the details ,I would like to place some thought provoking questions to my dear developers

1. What is your application goal ? (Survey / Company Data / Payment Site)

2. Have you created security based Coding  ? (Yes / NO)

Whatever it may be the case it is important that every developer has to go in for the security based coding, though you may have firewalls ,IPS, IDS ..if you haven’t thought about security from application creation than your application is prone for hacking.

Types of Application Level Attacks :

types of attack

Before going into details of Application Attacks first you may have to know if some one has taken over your PC or pinging your PC . To detect that we have IPS and IDS. IPS is Intrusion Prevention System and IDS is Intrusion Detection System.

You have various open source tools for IPS and IDS ,the most commonly used tool is SNORT.

SNORT : Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998.

SNORt : Networking IPS and IDS tool , Open Source

In this tutorial we will see how SNORT can be used as an IDS.

Step 1 : Install SNORT , WinPCap , Snort Rules

Step 2 : Configure SNORT

Step 3 : Run and Test SNORT

Step 1 :

Install Snort : https://www.snort.org

Under Download SNORT you can find various installers. Most of the downloads are for Linux if your going to run SNORT in Windows then you can go for Installer.exe

I have already downloaded and installed SNORT

Install WinPcap : Tool for capturing Packets

http://www.winpcap.org/install/

Download and Install WinPcap

I have downloaded and installed WinPcap

Download and Extract the Rules :

You can extract the Registered Rules .

But before that you may have to signup and then install

If you have Subscribed then you can go for Subscribed rules

or you can create an account and download rules from Registered Release

Note : Make Sure you have the same version of rules

I have already downloaded and extracted the rules

Inside rules folder copy the three rules (Preproc,Rules,So_rules) and Paste it in C:\Snort

where you have installed SNORT

Now you have done the setup

Darnie’s

/ Darnie Graceline / 2 Comments

The main Aim for Creating this Blog is to provide to all viewers an idea and fundamental  knowledge on developing applications for different OS through Online Video tutorials. This Blog also helps Software developers to build Enterprise Applications for different Technologies.

This Blog contains Video Tutorials (YouTube links) for the various Microsoft Software’s and other Mobile Apps development like Android ,Windows Phone, IOS.

__________________________________________________________________________________________