
Articles by CdnSecurityEngineer (Technical Blogs: 28, Tip/Trick: 1)

No articles have been posted.

Average blogs rating: 4.88

Client side scripting
General
Posted: 11 Feb 2013   Updated: 11 Feb 2013   Views: 6,610   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 1   Downloaded: 0
Intro This is the second post in a series on cross site scripting(XSS). In this entry I examine cross site scripting and the way that it can creep into our programs and what different cross site scripting input strings look like. Once we develop a deep understanding of XSS, I’ll show you how t
Posted: 19 Feb 2013   Updated: 19 Feb 2013   Views: 3,340   Rating: 5.00/5    Votes: 2   Popularity: 1.51
Licence: The Code Project Open License (CPOL)      Bookmarked: 1   Downloaded: 0
Intro This is post #3 on a cross site scripting tutorial, during this post I examine how to exploit XSS attack vectors in a variety of manners & their consequences. I have decided not to make the code demonstrable for this entry. The reason being is the code could be used for less than good [...]
Web Security
General
Posted: 10 Jul 2013   Updated: 11 Jul 2013   Views: 6,600   Rating: 4.86/5    Votes: 5   Popularity: 3.36
Licence: The Code Project Open License (CPOL)      Bookmarked: 7   Downloaded: 0
I prove everyone who’s ever said XSS isn’t a serious vulnerability wrong.
Posted: 25 Jul 2013   Updated: 25 Jul 2013   Views: 5,210   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 3   Downloaded: 0
The reality is that, today’s information security landscape sucks, attacks are becoming more sophisticated, and getting folks involved in producing the software thinking about security seems like a losing battle.
Security
Posted: 11 Feb 2013   Updated: 11 Feb 2013   Views: 3,450   Rating: 5.00/5    Votes: 2   Popularity: 1.51
Licence: The Code Project Open License (CPOL)      Bookmarked: 3   Downloaded: 0
Intro Many organizations have switched in recent years to performing some form of code review, this trend is absolutely great as I am a big believer in the code review as part of early defect detection strategies. During the course of the normal code review, developers are looking for things such as
Posted: 27 Jul 2014   Updated: 27 Jul 2014   Views: 3,430   Rating: 4.50/5    Votes: 2   Popularity: 1.51
Licence: The Code Project Open License (CPOL)      Bookmarked: 4   Downloaded: 0
Intro & Reasoning We’ve all heard of, considered and know what a Design Pattern in software is. Or do we? Software design patterns were really made famous in 1994 by the gang of 4. These patterns provided the bedrock of…Read more ›
Posted: 2 Aug 2014   Updated: 2 Aug 2014   Views: 4,530   Rating: 5.00/5    Votes: 2   Popularity: 1.51
Licence: The Code Project Open License (CPOL)      Bookmarked: 4   Downloaded: 0
Intro – Secure Process Creation I chose the Secure Process Creation pattern as the first pattern to kick off the series on security design patterns because process creation is everywhere in the software world today. Ensuring that the way processes…Read more ›
Posted: 4 Aug 2014   Updated: 4 Aug 2014   Views: 3,720   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 2   Downloaded: 0
Intro This is an interesting topic, my reasoning for writing this will become clear in the not too distant future, however not many organizations that are actively writing code have many folks focused or dedicated exclusively to security, if you…Read more ›
Posted: 27 Sep 2014   Updated: 27 Sep 2014   Views: 3,750   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 3   Downloaded: 0
Pillars of application security
Posted: 16 Oct 2014   Updated: 16 Oct 2014   Views: 1,690   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 2   Downloaded: 0
When you want to buy something that you can afford, what do you do? Well if you’re like most people you go to some financial institution and take out a loan in the amount of the item you wish to…Read more ›The post Application Security Economics appeared first on Security Synergy.
Posted: 25 Oct 2014   Updated: 25 Oct 2014   Views: 2,250   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 1   Downloaded: 0
Scalable Security Engagement Problem
Posted: 28 Oct 2014   Updated: 28 Oct 2014   Views: 2,250   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 4   Downloaded: 0
One of the easiest things to do is to say that your organization wants to improve security because of x,y,z factors across the industry. A much harder thing to do is to describe what effect this will have on your…Read more ›The post Quantify Your Security Position appeared first on Secur
Posted: 8 Nov 2014   Updated: 8 Nov 2014   Views: 3,630   Rating: 5.00/5    Votes: 3   Popularity: 2.39
Licence: The Code Project Open License (CPOL)      Bookmarked: 3   Downloaded: 0
The identity provider security pattern is a pattern that is employed just as the name suggests, it provides an identity of a subject (user/automated system/job) or what have you to the entire larger system. The identity provider pattern is built…Read more ›The post Identity Provider Sec
Posted: 12 Nov 2014   Updated: 12 Nov 2014   Views: 2,910   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 2   Downloaded: 0
When you’ve worked in the security space long enough with various organizations you quickly discover there isn’t a shortage of security vendors that are willing to help you and your organization with their wonderful security products, processes and services. I…Read more ›The
Posted: 9 Feb 2015   Updated: 9 Feb 2015   Views: 3,030   Rating: 5.00/5    Votes: 3   Popularity: 2.39
Licence: The Code Project Open License (CPOL)      Bookmarked: 3   Downloaded: 0
What view should a security individual working in the security space have? What’s their role? Should they know software development, or only security? Should they do testing, or should they only provide direction, what level of direction should they provide?…Read more ›The post Sec
Content Management Server
General
Posted: 30 Jan 2014   Updated: 30 Jan 2014   Views: 4,920   Rating: 4.74/5    Votes: 9   Popularity: 4.77
Licence: The Code Project Open License (CPOL)      Bookmarked: 7   Downloaded: 0
Exploiting managed memory
General Graphics
General
Posted: 21 Feb 2015   Updated: 21 Feb 2015   Views: 2,530   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 2   Downloaded: 0
There’s an ongoing debate in the cyber security community that to be good at cyber security you need to think like an attacker. The danger with this ideology is that it’s prophetically false and leads to a false sense…Read more ›The post Think Like a General appeared first on
.NET Framework
General
Posted: 20 Oct 2014   Updated: 20 Oct 2014   Views: 7,070   Rating: 4.94/5    Votes: 20   Popularity: 6.42
Licence: The Code Project Open License (CPOL)      Bookmarked: 19   Downloaded: 0
Every couple of years, the Open Web Application Security Project (OWASP) publishes their top 10 security vulnerabilities of the day based on hacks & information that it has seen, every time security misconfiguration makes the list. Now if you consider…Read more ›The post Protecting .NET
Internet / Network
Network
Posted: 4 Feb 2015   Updated: 4 Feb 2015   Views: 2,810   Rating: 3.86/5    Votes: 3   Popularity: 1.62
Licence: The Code Project Open License (CPOL)      Bookmarked: 3   Downloaded: 0
Long gone are the days when networks could be relied upon to provide security for your organization, old theories about applications and databases, and servers being behind the firewall and therefore safe is the ideology of those who refuse to…Read more ›The post AppSec Don’t Trust
Work Issues
Recruiting and Job hunting
Posted: 11 Feb 2013   Updated: 11 Feb 2013   Views: 10,860   Rating: 4.25/5    Votes: 4   Popularity: 2.61
Licence: The Code Project Open License (CPOL)      Bookmarked: 5   Downloaded: 0
I truly believe programming tests during an interview are pointless.
Uncategorised Technical Blogs
General
Posted: 25 Jul 2014   Updated: 25 Jul 2014   Views: 4,990   Rating: 5.00/5    Votes: 5   Popularity: 3.49
Licence: The Code Project Open License (CPOL)      Bookmarked: 4   Downloaded: 0
At work, I’ve been asked how to spoof an IP address, for a variety of reasons. The teams I usually work with, deal exclusively with Web Services, Web Applications, and C#. They’re very competent developers/engineers and occasionally some of the…Read more ›
Posted: 4 Aug 2014   Updated: 4 Aug 2014   Views: 3,480   Rating: 5.00/5    Votes: 4   Popularity: 3.01
Licence: The Code Project Open License (CPOL)      Bookmarked: 2   Downloaded: 0
Your Software is insecure If this is the first time you’ve heard this, or you believe otherwise, you’re honestly in the wrong field. Software as good as it is, as useful as it is, as wonderfully inventive as it is,…Read more ›
Posted: 18 Oct 2014   Updated: 18 Oct 2014   Views: 2,680   Rating: 5.00/5    Votes: 2   Popularity: 1.51
Licence: The Code Project Open License (CPOL)      Bookmarked: 0   Downloaded: 0
I’ve worked in large organizations where IT and software was the means to an end by supporting business and I’ve worked in purely technical organizations where software & IT was our business. These organizations both had information security (InfoSec) groups…Read more ›The po
Reviews on Third Party Products and Tools
Community Reviews
Posted: 19 Feb 2014   Updated: 19 Feb 2014   Views: 3,890   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 0   Downloaded: 0
I’ve been in the high tech market for 8 years now, granted compared to some of my colleagues I am still the neophyte in the cube block. In those eight years, I’ve worked for big companies and start ups alike.…Read more ›
Posted: 22 Sep 2014   Updated: 22 Sep 2014   Views: 3,080   Rating: 4.40/5    Votes: 3   Popularity: 1.91
Licence: The Code Project Open License (CPOL)      Bookmarked: 2   Downloaded: 0
I recently read through what Eric Bloom had to say about building an IT career. Eric Bloom is the president for Manager Mechantronics and he’s got some insightful advice. I think he’s also got some advice that steers a lot…Read more ›The post Building a Technology Career appe
Posted: 23 Sep 2014   Updated: 23 Sep 2014   Views: 2,870   Rating: 5.00/5    Votes: 3   Popularity: 2.39
Licence: The Code Project Open License (CPOL)      Bookmarked: 1   Downloaded: 0
Building An Application Security Program: Business Agreement Starting An Application Security Program Getting Business to agree to start an application security program is one of the hardest obstacles you will face In light of the ever ending stream of large…Read more ›The post Applicati
Posted: 27 Sep 2014   Updated: 27 Sep 2014   Views: 3,430   Rating: 5.00/5    Votes: 1   Popularity: 0.00
Licence: The Code Project Open License (CPOL)      Bookmarked: 0   Downloaded: 0
Your foundation is laid and you know what you’ve got an idea of what you’re going to do, and what you want out of your security program, you’ve got well defined founding principles (your pillars) Now that you know that…Read more ›The post Application Security Charter ap
General
Posted: 6 Feb 2015   Updated: 6 Feb 2015   Views: 1,070   Rating: 5.00/5    Votes: 2   Popularity: 1.51
Licence: The Code Project Open License (CPOL)      Bookmarked: 0   Downloaded: 0
We all use them, vendors and we either have great, terrible, functional, respectful, non-functional relationships with them. The fact of the matter is your organization doesn’t have the time, expertise or the skill set to build all the software we…Read more ›The post Your Security

Average tips rating: 5.00

Web Security
General
Posted: 7 Feb 2013   Updated: 7 Feb 2013   Views: 4,860   Rating: 5.00/5    Votes: 2   Popularity: 1.51
Licence: The Code Project Open License (CPOL)      Bookmarked: 8   Downloaded: 0
It only takes a few minutes to run a ZAP attack scan, which can quite possibly save your firm and you a lot of trouble in the future!
No reference articles have been posted.

CdnSecurityEngineer
Engineer
Canada Canada
I am a Sr Engineer for a major security firm; I have been developing software professionally for 8 years now; I've worked for start ups, small companies, large companies, myself, education. Currently the company I work for has 7,000+ employees worldwide. I am responsible for our platform security, I write code, implement features, educate other engineers about security, I perform security reviews, threat modeling, continue to educate myself on the latest software. By night, I actively work to educate other developers about security and security issues. I also founded a local chapter of OWASP which I organize and run.

I cut my teeth developing in C++ and it's still where my heart is with development, lately I've been writing a lot of C# code & some Java, but I do have a project or two coming out in C++ / DirectX 11 whenever I get the time.

When I am not developing code I am spending my time with my wife and daughter or I am lost deep in the woods somewhere on a camping trip with friends. If you can't find me with a GPS and a SPOT device then chances are I am on the Rugby pitch playing Rugby and having a great time doing so.


You can find more about me and My thoughts on security