Category Archives: ASP.NET
Out-of-band Authorization
A lot of applications need an in-session authorization mechanism. This means that when an end-user is within an authenticated session, the end-user will be prompted to enter a set of credentials before he can be allowed to … Continue reading
ASP.NET Session and Forms Authentication
The title can be misleading, because in concept, one is not related to the other. However, a lot of web applications mix them up, causing bugs that are hard to troubleshoot, and, at worst, causing security vulnerabilities. A little bit … Continue reading
Yet Another Take on the Padding Oracle Exploit Against ASP.NET
Or an example Padding Oracle attack in 100 lines of C# code. This post has been in my outbox for weeks, since I did not want to make it generally available before the patches were released. Now that the patches … Continue reading