Click here to Skip to main content

Submit your article

Security

security

Great Reads

Protecting .NET 4.+ Application By C++ [Unmanaged]

by The Ænema

Learn how to inject your 4.5 framework .NET application into a C++ unmanaged host application. Fast, Secure & without any extra tool or library.

The Secrets of Google Chrome Credentials

by Michael Haephrati

Chrome stores all passwords and other credentials in an encrypted database but guess what: they can be retrieved by anyone with the proper knowledge. This article will show you how.

Reverse Engineering with OllyDbg

by Ajay K. Yadav

The objective of writing this paper is to manifest, how to crack an executable without peeping its source code by exercising OllyDbg tool.

Evolution of Polymorphic Malware

by Kewin Rausch

An introduction on how these applications self-defend themselves against scanning techniques, and how they could have evolved from simple and naive forms to more sophisticated ones.

Latest Articles

Authentication-flows-js - Customizable Framework for Express-based Web Applications

by Ohad Redlich

authentication-flows-js is a powerful and highly customizable framework that covers all flows that any express-based authentication-server needs

Tutorial: Enforcing Security and Compliance Policies in CloudFormation with Bridgecrew

by Mike Urbanski

In this article, we'll walk through the process of configuring Bridgecrew to scan a CloudFormation deployment, run the scans, find issues, and fix them.

Kubernetes Best Practices: Security

by Robert_Brennan

In this article let’s look at three common security challenges, and how to overcome them.

Row Level Data Security in Tableau - Part 1

by Imran Abdul Ghani

Step by Step Implementation of Row Level Data Security in Tableau

All Articles

Security

Protecting .NET 4.+ Application By C++ [Unmanaged]

25 Mar 2018

The Ænema

Learn how to inject your 4.5 framework .NET application into a C++ unmanaged host application. Fast, Secure & without any extra tool or library.

The Secrets of Google Chrome Credentials

30 Jan 2017

Michael Haephrati

Chrome stores all passwords and other credentials in an encrypted database but guess what: they can be retrieved by anyone with the proper knowledge. This article will show you how.

Reverse Engineering with OllyDbg

28 Oct 2014

Ajay K. Yadav

The objective of writing this paper is to manifest, how to crack an executable without peeping its source code by exercising OllyDbg tool.

Evolution of Polymorphic Malware

14 Apr 2018

Kewin Rausch

An introduction on how these applications self-defend themselves against scanning techniques, and how they could have evolved from simple and naive forms to more sophisticated ones.

OWASP #6 Preventing Sensitive Data Exposure in ASP.NET – Part 1

16 Feb 2016

Max R McCarty

OWASP's #6 most vulnerable security risk has to do with keeping secrets secret.

JWT Security Part 2, Secure REST service

4 Sep 2017

Bart-Jan Brouwer

Learn how to create JWT and use with WebApi, REST and MVC all build with .Net Core

JWT Security Part 3, Secure MVC application

4 Sep 2017

Bart-Jan Brouwer

Learn how to create JWT and use with WebApi, REST and MVC all build with .Net Core

T-SQL reporting engine

20 Jun 2013

Levente Kupás

If you have big reports which run slowly, you may use this T-SQL based engine to speed-up them.

SQL-Server-2008

YAPM (Yet Another Password Manager)

10 Mar 2018

Joe Dillon

This article describes the security techniques required to create a secure offline password manager and how the Libsodium library has been used to achieve this. YAPM stores passwords with AES encryption and authenticates users with an Argon2 hash.

Hot Patching C/C++ Functions with Intel Pin

27 Aug 2019

Dan Sporici

This article discusses the idea of Hot Patching C/C++ functions using Intel Pin in order to remove known vulnerabilities

Overview of Azure Key Vault

10 Nov 2018

DataBytzAI

What is Azure Key Vault and where is it useful?

Understanding the FPGA: From Developing Configurations to Building a VGA Driver

18 Feb 2019

Apriorit Inc, ruksovdev

A detailed description of an FPGA-specific framework called ISE Design Suite, and the main steps you need to take in order to create a VGA driver using FPGA

artificial-intelligence

machine-learning

parallel-processing

SecurePHPWebAppCoding - Cross Site Scripting(XSS) - What is it and How to Stop It?

26 Sep 2014

Abani Kumar Meher

This article explains few scenarios where XSS attack can be done, how we make mistake while creating web application which leads to XSS vulnerability and what should be done to prevent XSS attacks.

Security Engineer Manifesto

9 Feb 2015

CdnSecurityEngineer

Security Engineer manifesto

Data Encryption in Azure

8 Nov 2018

DataBytzAI

Overview of encryption at rest, in motion and in use with Azure Encryption

OWASP #6 Preventing Sensitive Data Exposure in ASP.NET – Part 2

26 Feb 2016

Max R McCarty

How are you storing that sensitive application data and should you be?

SQL Server Brute Force Attack Detection: Part 4

30 Apr 2018

Ryan G Conrad

Using Powershell and Windows Task Scheduler API to detect malicious login attempts on a remotely accessible SQL Server database

Kubernetes Best Practices: Security

21 Jul 2020

Robert_Brennan

In this article let’s look at three common security challenges, and how to overcome them.

11 Oct 2013

ASP.NET Community

AJAX adds one more wrinkle to web security. I find that videos and demonstrations help me understand subtle topics like this.VideosSecurity in

Rogue Wave OpenLogic: A Review

16 Jun 2015

Chris_Riley

I recently spent some time with Rogue Wave OpenLogic product. OpenLogic is an “open source” component review tool.

Security Best Practices for Android 5.0

30 Oct 2015

Android on Intel

In this article, I will describe four best practices for Android device management.

Mule ESB + PGP: Pretty Good Privacy

22 May 2016

RajeshKumar D

Configuring PGP Encryption and Decryption part of MULE ESB

30 Aug 2018

Member 10280272

Cyber Security techniques for web sites

Smart Contract Security Guaranteed by the Network: Cardano and Zilliqa

24 Jan 2019

Apriorit Inc, MikeSotnichek

The article is about smart security contract in Cardano and Zilliqa with a description of testing both networks.

How to Implement a Custom Blockchain for Your Business: Graphene Framework

5 Feb 2019

Apriorit Inc, MikeSotnichek

The experience of creating a custom blockchain network using the Graphene framework.

Row Level Data Security in Tableau - Part 1

11 Jun 2020

Imran Abdul Ghani

Step by Step Implementation of Row Level Data Security in Tableau

Authentication-flows-js - Customizable Framework for Express-based Web Applications

27 Apr 2021

Ohad Redlich

authentication-flows-js is a powerful and highly customizable framework that covers all flows that any express-based authentication-server needs

Server error response vulnerability - HTTP 500

1 Mar 2011

Bryian Tan

Server error response vulnerability - HTTP 500

Creating Twitter STS with ASP.NET MVC and WIF

7 May 2013

Dmitry Tretyakov

Step by Step tutorial describes how to create custom Security Token Service.

Code Access Security

11 Oct 2013

ASP.NET Community

Code Access Security is one of the least-understood but most valuable aspects of the .NET Framework.WebcastsMSDN Webcast: Using Code Access

SQL Server Security

11 Oct 2013

ASP.NET Community

There's a lot of great information on SQL Server Security covering both SQL Server 2000 and 2005.Blogs/DevCentersSQL Server 2005 Security on

Threat Modeling

11 Oct 2013

ASP.NET Community

It's absolutely necessary if you're serious about security.Whitepapers/Books/BlogsThreat Modeling for ASP.NET (PDF) - an excellent white

Security Guidelines and Recommendations

11 Oct 2013

ASP.NET Community

There's a great deal of good prescriptive security guidance out there in the form of whitepapers and books.Whitepaperspatterns & practices

11 Oct 2013

ASP.NET Community

Here are a few good tutorial articles that provide a good conceptual overview of how the new membership and role management system works. Check out

how to use login control on remote computer (live web site)

11 Oct 2013

ASP.NET Community

step1. drag create use wizard and drop on design window on your web page(default1.aspx).step2. go to website tab and click on asp.net

Intel® Hardware-based Security Technologies Bring Differentiation to Biometrics Recognition Applications Part 2

1 Feb 2016

Android on Intel

High Performance and Security Software-Based Encryption by Intel® Advanced Encryption Standard New Instructions and Intel® Secure Key

5 Tips to Get the Most out of Your Cloud Infrastructure

18 Jan 2017

Alibaba Cloud

Here are five top tips from our expert team to help you maximize the benefits of your cloud infrastructure.

Missteps in Securing Autonomous Vehicles

24 Feb 2017

Intel Corporation

It is important to institute optimal security capabilities as part of the design and core functions (Hardware, Firmware, OS/RTOS, software, endpoints, networks, etc.) to protect passengers and pedestrians from potentially catastrophic accidents resulting from digital compromises

Hooking Linux Kernel Functions, Part 1: Looking for the Perfect Solution

9 Jan 2019

Apriorit Inc

Two theoretical ways to protect a Linux kernel module from hooks.

Hooking Linux Kernel Functions, Part 3: What Are the Main Pros and Cons of Ftrace?

17 Jan 2019

Apriorit Inc

In this article, we focus on the main ftrace pros and cons and describe some unexpected surprises we’ve faced when hooking Linux kernel functions with this utility.

Hooking Linux Kernel Functions, Part 2: How to Hook Functions with Ftrace

22 Jan 2019

Apriorit Inc, Sergey Stepanchuk

Learn how you can use ftrace to hook critical function calls in the Linux kernel

Formal Verification of Smart Contracts with the K Framework

15 Mar 2019

Apriorit Inc, MikeSotnichek

We analyze the pros and cons of formal verification.

Intel® Device Protection Technology and McAfee Mobile Security for Android*

17 Nov 2014

Android on Intel

Recent industry reports indicate Android* is the OS in more than 59 percent of laptops, tablets and smartphones worldwide.

Intel Business Client Platforms

20 Sep 2012

Russel Beutler

Whether you’re developing for unmanaged small business, or enterprise-level IT departments, 3rd Generation Intel® Core™ processor-based PC and mobile platforms are designed to help you meet the needs of your customers.

product-showcase

DevOps needs DevSec

1 Dec 2015

Mark_Warren

Working with customers and partners, here is an overview of the need for DevSec and the five ‘best practice’ questions to ask when looking how to have a better ‘DevSec’ strategy

product-showcase

Intel® Hardware-based Security Technologies Bring Differentiation to Biometrics Recognition Applications Part 1

14 Jan 2016

Android on Intel

Intel® Hardware-based Security Technologies Bring Differentiation to Biometrics Recognition Applications

product-showcase

An eCryptfs-Based Solution for Securing Your Data on Android

14 Jan 2016

Android on Intel

I will describe a new way to implement security for sensitive data based on eCryptfs (eCryptfs.org).

product-showcase

Internet of Things Security Architecture

26 Sep 2016

Yuri Diogenes

The objective of threat modeling is to understand how an attacker might be able to compromise a system and then make sure appropriate mitigations are in place. Threat modeling forces the design team to consider mitigations as the system is designed rather than after a system is deployed.

product-showcase

Application Security: Where You Want It, When You Need It with Visual Guard

11 Jul 2014

Jeffrey T. Fritz

I’ve been reviewing Novalys Visual Guard for the last 2 weeks, and found some really interesting nuggets in this package that would make my network administrators stand up and take notice.

web_development

product-showcase

Getting Started With Predix - A Builders Journey - Episode 1

19 Jan 2017

Rich Dost

In this first episode we'll tackle the first thing, security. We are at the start of a journey. We'll learn about many Predix services and components. We'll find the good, the bad and the ugly, and we'll complain the whole way. After security we'll hit Asset and Analytics.

product-showcase

Acunetix WVS – Audit Your Website Security

29 Sep 2014

Dirk_Strauss

Acunetix WVS audits your website security by running a host of tests. It then provides a concise report of issues it found. Not only does it do this, but it also suggests changes you need to make to fix the issues found.

product-showcase

Tutorial: Enforcing Security and Compliance Policies in CloudFormation with Bridgecrew

26 Oct 2020

Mike Urbanski

In this article, we'll walk through the process of configuring Bridgecrew to scan a CloudFormation deployment, run the scans, find issues, and fix them.

product-showcase

SQL Server Brute Force Attack Detection: Part 1

25 Mar 2018

Ryan G Conrad

Prevent brute-force login attacks on a remotely accessible SQL Server database using T-SQL

KeePass Password Safe

13 Jan 2020

Dominik Reichl

KeePass is a free, open source, light-weight and easy-to-use password manager.

JWT Security Part 1, Create Token

4 Sep 2017

Bart-Jan Brouwer

Learn how to create JWT and use with WebApi, REST and MVC all build with .Net Core

Custom Roles Based Access Control (RBAC) in ASP.NET MVC Applications - Part 1 (Framework Introduction)

8 Jun 2015

Stefan Wloch

An introduction to custom roles based access control in an ASP.NET MVC application using the Entity Framework.

A Password safe built with Arduino Leonardo

15 Apr 2015

webmaster442

How to build a simple hardware password safe and login system with off the shelf components.

Create Custom Permission in Object Level

11 Jun 2012

taha bahraminezhad Jooneghani

Custom permission in object level with out sign in and out to affect to users

Elevating During Runtime

15 Feb 2013

Michael Haephrati

How can an application elevate itself to gain "Admin" rights during runtime

Salted Password Hashing - Doing it Right

14 Feb 2016

adriancs, Taylor Hornby

Securing Password by Hashing with Salt

Security in Angular - Part 2

16 Jul 2018

Paul D. Sheriff

Part 2 of how to add security to your Angular applications.

ASP.NET Core Security Overview

17 May 2018

Sriganesha Rao

This article provides an overview of ASP.NET Core security features.

An Absolute Beginner's Tutorial on Cross Site Scripting(XSS) Prevention in ASP.NET

6 Apr 2013

Rahul Rajat Singh

In this article we will try to see what is Cross Site Scripting(XSS).

Thinktecture Identity Server - Configuration, Customization

19 Nov 2013

Azeet Chebrolu

Installing, extending Identity Server and implementing session token caching

Beginners guide to a secure way of storing passwords

20 Jul 2012

StianSandberg

This article will explain how to securely store users passwords in a database.

A simple plug-in engine using Reflection

26 Sep 2012

Vitaly Zhukov

This article describes how to create and use configurable plug-ins in your application.

WCF Service with custom username password authentication

25 Jul 2010

Fayaz Soomro

This article describes custom username password authentication without the need of certificate installation on the client side.

Encrypting Communication between C# and PHP

11 Oct 2011

Scott Clayton

Set up encrypted secure communication between C# and PHP using the AES and RSA algorithms.

10 Points to Secure Your ASP.NET MVC Applications.

4 Aug 2016

Saineshwar Bageri

In this article we will run through 10 points which will help us to make our MVC code secure.

Selfhosted Secure WCF by Id password, custom validation

16 Jul 2014

Himanshu Thawait

No config file needed – all setting in code only, No IIS – Self hosted, consume by channel factory

Creating a WCF Service with MSMQ Communication and Certificate Security

15 Mar 2012

Mohammad Sepahvand

Implementing a Simple, Secure WCF Service with MSMQ Communication

CSHA1 - A C++ Class Implementation of the SHA-1 Hash Algorithm

19 Jun 2012

Dominik Reichl

CSHA1 - A C++ class implementation of the SHA-1 hash algorithm

WCF REST 4.0 Authorization with Form Based Authentication (SetAuthCookie)

19 Mar 2013

Anupama Agarwal

How to create custom authorization policy and return HTTPContext Identity for authorization.

Halibut: a secure communication stack for .NET/Mono

28 Feb 2013

Paul Stovell

Secure alternative to WCF. JSON-RPC meets SSL meets .NET and Mono.

Understanding, Using and Customizing ASP.NET Identity System for Authentication and Authorization

16 Jul 2014

Rahul Rajat Singh

In this article we will look into ASP.NET Identity System which comes as the default authentication and authorization mechanism with ASP.NET MVC 5 internet application template. We will try to understand the ASP.NET Identity system and compare it with the ASP.NET simple membership providor and the c

A Beginner's Tutorial for Understanding and Implementing Password Hashing and Salting

19 Jun 2013

Rahul Rajat Singh

In this article we will discuss about securing the user passwords by using hashing and salting on the user passwords.

Understanding SQL Injection and Creating SQL Injection Proof ASP.NET Applications

9 Jan 2013

Rahul Rajat Singh

This article talk about what SQL injection is, how can that effect the security of our websites and what steps should be taken to create an ASP.NET application SQL injection proof.

SSL Peer Verification

21 Apr 2011

All Time Programming

Verifying the Server Certificate on the client side using a CA file

Automated penetration testing in the Microsoft stack with OWASP ZAP

27 Jan 2014

GustavoMartins

Automate your penetration testing using the pentest tool ZAP and the

Password Strength Indicator NuGet Package

20 Feb 2017

Bryian Tan

Password Strength Indicator using jQuery and XML + NuGet Package

Secure Spike Engine Websockets with TLS/SSL

23 Jun 2015

Kel_

Securing Spike Engine HTTP & Websockets with TLS/SSL layer.

Just another article on Cryptography, SSL and Digital Signature

21 Mar 2016

Dharmesh_Kemkar

Basics on Cryptography, SSL and Digital Signature

The Secrets of Internet Explorer Credentials

30 Jan 2017

Michael Haephrati

Third of several articles covering the secrets of obtaining stored (and encrypted) credentials stored by browsers

Security in Angular - Part 1

16 Jul 2018

Paul D. Sheriff

A technique for securing Angular 2/6 applications

Simplified version of the DES (Data Encryption Standard) in C#

5 Jul 2010

Jubba Smail

Implementing a simplified version of the DES block cipher algorithm – which was the standard encryption algorithm before the AES, using C# to encrypt and decrypt binary files.

401 and/or 403 and a Short Story of Secure RESTful

3 Jul 2019

rtybase

401 and/or 403 and a short story of secure RESTful

SQL Injection Knowhow

6 Jun 2011

Arpit Dubey

This article explains SQL injection attacks, mitigation strategies, and factors to consider while testing.

SecurePHPWebAppCoding - SQL Injection - What is it and How to Stop It?

14 Sep 2014

Abani Kumar Meher

This article describes how we write code while developing web application which results in SQL injection vulnerability and how we should write code to prevent it.

web_application

Validation & Security in MVC Application

6 Sep 2015

Passion4Code

Validation & security in MVC application

XSRF with Web API and Angular

15 Apr 2016

ireiter

Using XSRF with Web API and Angular

N - tier project with WCF OData service, Entity Framework, MVC3.0, Ninject DI, jSOn.net and Automapper

10 Dec 2012

Vijay Tanwar

N-Tier application with WCF Odata service and Entity Framework.

IdentityServer3, WebAPI , MVC, ASP.NET Identity, Specflow: The Magnificent Five

29 May 2017

Veronica S. Zotali

This article shows how to configure IdentityServer3, when you need to authenticate and authorize usage of your WebAPI/MVC, for users stored in SQL Server.

Separating Features and Authorisation. Getting More Done and Improving Quality in the Middle Tier.

16 Aug 2016

Olubisi Akintunde

Application Managed Authorisation using Dependency Injection and Interception

Swanky Encryption/Decryption in C#

26 Jan 2015

1337Architect

Handy classes to use the .NET Encryption/Decryption

Destroy All Passwords: Never Memorize A Password Again

3 Jun 2016

raddevus

A novel approach to generate a secure way to login that doesn't require the user to ever memorize a password again. This method can be used with any web site, program, etc. and creates a more secure password than other methods.

Things I learned while implementing my first Level2 SecurityCritical assembly

16 Aug 2012

Ronald M. Martin

Reading between the lines of the .NET 4.0 Level 2 Security documentation

Identity-Based Authentication in .NET Core 3.0 using In-Memory Database

31 Jan 2020

Prashant Rewatkar

This article demonstrates how to add Identity-Based Authentication in .NET Core 3.0 using In-Memory Database.

Manage security and redirection for non authorized access in MVC

18 Jul 2012

Yves Vaillancourt

How to apply security and redirection to a view when a user cannot access a controller or a controller action in MVC

web_development

Security Issues - Overview and Examples

13 Nov 2015

Paulo Zemek

Lately I am dealing a lot with security issues and, as I am thinking about security all the time, I decided to write this post. Yet, don't expect me to talk about the newest cases.So, first, what is considered a security issue?I don't have a perfect answer but maybe we can say that if anything in an

Role Based Security Architecture Using .NET MVC & JS

23 Feb 2015

Tushar_Gupta

A custom security architecture for role based access to components in a page

Security Engineer Manifesto

9 Feb 2015

CdnSecurityEngineer

Security Engineer manifesto

Data Encryption in Azure

8 Nov 2018

DataBytzAI

Overview of encryption at rest, in motion and in use with Azure Encryption

OWASP #6 Preventing Sensitive Data Exposure in ASP.NET – Part 2

26 Feb 2016

Max R McCarty

How are you storing that sensitive application data and should you be?

SQL Server Brute Force Attack Detection: Part 4

30 Apr 2018

Ryan G Conrad

Using Powershell and Windows Task Scheduler API to detect malicious login attempts on a remotely accessible SQL Server database

Kubernetes Best Practices: Security

21 Jul 2020

Robert_Brennan

In this article let’s look at three common security challenges, and how to overcome them.

11 Oct 2013

ASP.NET Community

AJAX adds one more wrinkle to web security. I find that videos and demonstrations help me understand subtle topics like this.VideosSecurity in

Rogue Wave OpenLogic: A Review

16 Jun 2015

Chris_Riley

I recently spent some time with Rogue Wave OpenLogic product. OpenLogic is an “open source” component review tool.

Security Best Practices for Android 5.0

30 Oct 2015

Android on Intel

In this article, I will describe four best practices for Android device management.

Mule ESB + PGP: Pretty Good Privacy

22 May 2016

RajeshKumar D

Configuring PGP Encryption and Decryption part of MULE ESB

30 Aug 2018

Member 10280272

Cyber Security techniques for web sites

Smart Contract Security Guaranteed by the Network: Cardano and Zilliqa

24 Jan 2019

Apriorit Inc, MikeSotnichek

The article is about smart security contract in Cardano and Zilliqa with a description of testing both networks.

How to Implement a Custom Blockchain for Your Business: Graphene Framework

5 Feb 2019

Apriorit Inc, MikeSotnichek

The experience of creating a custom blockchain network using the Graphene framework.

Row Level Data Security in Tableau - Part 1

11 Jun 2020

Imran Abdul Ghani

Step by Step Implementation of Row Level Data Security in Tableau