Ozzie.eu

Security on ASP.NET applications

The evolution of information systems places more and more applications on web-based architectures. The concern with security on this type of systems has to evolve also. Any programmer familiar with Web development is a potential script kiddie. The task of corrupting, destroying or getting illicit access to data cannot be facilitated.

There is a series of guides on Microsoft Developer's Network, on how to protect an ASP.NET application against injection attacks. The guides are pretty straightforward, giving a brief notion of the attacks and also the counter measures one can adopt to prevent them:

• How To: Protect From Injection Attacks in ASP.NET


• How To: Protect From SQL Injection in ASP.NET


• How To: Prevent Cross-Site Scripting in ASP.NET


• How To: Use Regular Expressions to Constrain Input in ASP.NET

Even if you have already deployed applications, it's very well worth it to spend some time analyzing them and integrating the security enhancements explained. Better safe than sorry.

Connecting VPN on Ubuntu

Sometimes, to insure a service's quality stated on a Service Level Agreement, one has to do interventions on the systems at any given hour of the day. Even late at night, or on holidays.

Given the possibility of connecting to my Workplace´s network through VPN, I faced the challenge of configuring a VPN network client on Ubuntu Linux (9.10). Our communications staff had a ready to use setup for Windows, but that didn't help much. So I took the exported Cisco PCF file and got engaged on this task.

Overall, it wasn't as tricky as I would expect. I performed the following steps:

1. Open the Synaptic Package Manager


2. Selected the following packages: vpnc, network-manager-vpnc, KVpnc


3. Apply the changes

Having finished the installation:

1. Go to the Application menu, select Internet/KVpnc


2. Start the new connection wizard and import the pcf file


3. Save your new profile


4. Connect and ... that's it!

I tried to import the pcf file directly, without using the wizard and it didn't work. Anyway, when your VPN connection is active, open a terminal window and run the command "ifconfig". Your VPN tunnel should be listed on the active connections.