DotNetKicks.com : Stories kicked by Fady

The One Single Tip to Comment Your Code

Wed, 19 Mar 2008 13:01:02 GMT

You've heard about 13 tips to comment your code, but what about the One Single Tip?

Do You Really Need A Distributed Architecture?

Sat, 16 Feb 2008 13:46:02 GMT

Does the question sound rhetoric to you? Do you think the answer is "Yes" by default these days? Think twice. Ask yourself the questions below. You may change your mind at the end.

SQL Injection through cookies

Mon, 31 Dec 2007 01:35:18 GMT

Through my career as a developer I've seen many developers that are not aware about the possibility of SQL injection through cookies. Cookies in fact is a user input and as any input it must be validated and because normal users don't see cookies that doesn't mean attackers won't temper with it.

Facebook XSS Vulnerability

Mon, 24 Dec 2007 03:29:39 GMT

A Facebook XSS security vulnerability that might enable hackers to obtain your friends list by just visiting a web site containing some AJAX code that makes requests in behalf of you

5 signs your ASP.NET application may be vulnerable to HTML injection

Tue, 18 Dec 2007 22:01:04 GMT

HTML injection is an incredibly dangerous flaw to have in your application and ASP.NET does nothing for you automatically. Here's 5 tell-tale signs your application may be affected.

Microsoft Parallel Extensions (PFX) or PLINQ is now a CTP

Mon, 17 Dec 2007 07:54:01 GMT

At last now we can play around with PLINQ :)

Catch hackers red handed using http modules

Mon, 17 Dec 2007 05:19:34 GMT

Here is a nice trick to help you to detect hackers in action while trying to hack your web applications. The idea is very simple, we want to set a layer there between your application and the internet to watch the web traffic for anything suspicious. These suspicious things might be a query string that contains a XSS script or a SQL injection query. So we will monitor the web traffic that is passing through that layer for well known and common patterns of attack methods that most hackers use to scan your web applications for vulnerabilities. We will use http modules to implement that layer, here is some dirty code to demonstrate the idea.

.NET Framework 3.5 Is Shared Source

Thu, 04 Oct 2007 00:46:25 GMT

Microsoft's .NET Framework 3.5 is going to be released open source.

The most common software security mistakes

Tue, 04 Sep 2007 18:16:02 GMT

Through my humble experience with software development I've seen developers making fetal security mistakes without even feeling that they are doing something wrong. So I've decided to gather these common mistakes in a list so it would be easier to avoid. Through this article I will give examples regardless to the used technology but the concepts applies to all technologies. So here we go

How to tell if a .NET Assembly is debug or release

Thu, 06 Sep 2007 17:31:02 GMT

Explains how to tell if a .NET Assembly is built for debug or release by using .NET Reflector and programmatically using System.Reflection.

Hacking the GAC, How to enable standard directory browsing

Thu, 30 Aug 2007 20:31:02 GMT

Have you ever wanted to or needed to view the actual contents of the GAC? Not just what is in the GAC, but actually grab the assemblies that are there?

Optimization: Your worst enemy

Sat, 18 Aug 2007 19:01:02 GMT

Good article on why optimization can be bad, and what you can do about it.

J2EE vs ASP.NET vs PHP

Wed, 15 Aug 2007 18:10:29 GMT

In this article, Author wanted to compare the web application development platforms which he has been using for recent years. His comparison has no aim to make one platform better than others, or vice versa. These are all his own thoughts and what he has experienced during the development of web applications using the three platforms. It is open to you to express your opinions and stands as a comment.

Anti XSS AJAX

Wed, 15 Aug 2007 16:35:57 GMT

XSS have became a problem that most web developers still suffering from it tell now, simply because however you try hard to validate every user input it only takes a single line of code that prints out the user input without validation to render your whole application vulnerable to XSS attacks

alert("XSS")

Tue, 14 Aug 2007 20:26:44 GMT

XSS? What is XSS? Well, to cut it short XSS is the abbreviation of Cross Site Scripting but the C have been replaced with X because CSS already means Cascaded Style Sheets plus XSS is a much cooler name ;) so what is XSS again?

Let's talk pure ajax

Sun, 12 Aug 2007 09:27:43 GMT

Hello guys, today I'm going to talk about ajax but lets 1st explain this strange expression in this article title "pure ajax", actually it's an expression that I've came up with after very different incidents that convinced me to use this expression to differentiate between ajax and what people call ajax as a misconception. So the 1st question that would pop up what is ajax in the 1st place? Ofcourse lots of us I assume know that the acronym ajax stands for asynchronous java script and XML but lets explain this a little bit more further, XML here means that we would transmit data in the XML format but what about the asynchronous java script? Is it a new type of java script that came out after web 2.0 hype? Yes? Actually the answer is no, I've passed by several individuals that think that ajax came "after" the web 2.0 so called hype and they didn't believe me when I told them no ajax programming techniques was already there covered with dust far before even the expression web 2.0 was invented and actually the expression asynchronous java script is all about an object called XMLHttpRequest that supports that a java script can send a GET or a POST request to a web server through the http protocol asynchronously or synchronously.....

Don't rely on obfuscation

Wed, 15 Aug 2007 23:31:02 GMT

A white paper demonstrating the weaknesses of managed code obfuscation known protection techniques