Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Sep 16, 2011

Bugs get fixed

My bug reporting has been on fire lately. This week I received confirmation from the Google security team that a security bug I reported was found worthy of a reward (a couple of weeks ago Google fixed some issues in their two-step verification procedure). I'll be blogging the details on the security issue anytime soon.

Just now, my hotmail told me that the Visual Studio 2010 firewall setup bug I blogged about last month will be fixed in the next major release of Visual Studio. Cool!

Now, if I could only find and fix my own damn bugs. :)

Sep 12, 2011

Announcing TransformTool

I've spent some of my spare time on a hobby project lately. I've been missing a tool that could help me easily encode or decode various pieces of information. When you're studying web applications you often come across values in cookies, URL parameters or forms that are encoded in one way or another. They might even be encoded multiple times with the same encoding function. It has been somewhat cumbersome to fiddle about with such pieces of information, that is until now!

I've created TransformTool, that lets you easily apply a series of encoding/decoding operations to an input. Just have a look at this example:


Sep 4, 2011

WIF security considerations

I've been working with WIF (Windows Identity Foundation) for the last couple of months, and have to admit I've spent some time googling for WIF articles explaining how the framework should be used. I'll be putting together a blog post on some of the most useful resources I've found when I find the time. However, you'll discover that there aren't many resources covering WIF and the nitty gritty security details out there. An MSDN article on WIF security was brought to my attention the other day (thanks Jonas!), so I figured I'd link to it sooner rather than later. It might be useful for some of you out there.

The article is titled Security considerations, and it's not easy to find on Google. It contains quite a few security considerations you'd want to look into if you're using, or are contemplating, to use WIF. Stay tuned for more WIF (security) stuff as my calendar hopefully frees up at work, and the golf season ends here in Norway.

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2015. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts