
Recently Microsoft released a beta edition of Anti-XSS library V3.0. Here’s a list of some new features which were added in this release:

  • An expanded white list that supports more languages
  • Performance improvements
  • Performance data sheets (in the online help)
  • Support for Shift_JIS encoding for mobile browsers
  • A sample application
  • Security Runtime Engine (SRE) HTTP module

As you can read on the Microsoft Connected Information Security Group blog, they have also released a CTP version of CAT.NET (Microsoft Code Analysis Tool .NET), a managed-code static analysis tool for finding security vulnerabilities such as Cross Site Scripting, SQL Injection, Process Command Injection, File Canonicalization, Exception Information, etc.

Downloads:



 
Categories: .NET General | ASP.NET | Download | Microsoft | Security

McAfee, the famous security products vendor, offers a 100% discount on McAfee Virus Scan Plus 2009 + 1 year free subscription (a $40 value). To receive your own free license just go here, enter VSPPROMOCF as the coupon code and click on checkout; now you have a $0 shopping cart!

Offer is valid through December 31, 2008. You can download your copy for Windows 2000, Windows XP and Windows Vista.

+ [via Labnol]

+ It seems that free anti-virus offers are going to expand, after Microsoft announced a free anti-virus offering for the near future!


 
Categories: Download | Freebies | Security | Software

One of the basic but important security issues in web development that you should pay attention to is SQL Injection. Recently HP released a free tool called Scrawlr to test such vulnerabilities.

This tool checks your pages using a simple crawler or a Google query and finds any SQL Injection problems. It can only check issues in GET parameters.

You can check up to 1500 URLs in each web site using this free tool.

Download: https://download.spidynamics.com/Products/scrawlr/


 
Categories: Download | Security | Software | Tools

It’s easy to use the powerful ASP.NET Membership, Role and Profile providers in a Windows or Console application. Only one key point remains: you should add an app.config file to your Console or Windows application and include these nodes in it:

<?xml version='1.0' encoding='utf-8'?>
<configuration>
    <connectionStrings>
        <add name="SQLConnString" connectionString="SERVER=(local);DATABASE=SampleApp;UID=sa;PWD=123"/>
    </connectionStrings>
    <system.web>

        <membership defaultProvider="SampleAppMembershipProvider">
            <providers>
                <add name="SampleAppMembershipProvider"
                     connectionStringName="SQLConnString"
                      applicationName="SampleAppMembership"
                      enablePasswordReset="true"
                      enablePasswordRetrieval="false"
                      passwordFormat="Hashed"
                      maxInvalidPasswordAttempts="100"
                      minRequiredPasswordLength="5"
                      minRequiredNonalphanumericCharacters="0"
                      requiresQuestionAndAnswer="false"
                      requiresUniqueEmail="true"
                      passwordAttemptWindow="5"
                      passwordStrengthRegularExpression=""
                      type="System.Web.Security.SqlMembershipProvider" />
            </providers>
        </membership>

        <profile defaultProvider="SampleAppProfileProvider">
            <providers>
                <add name="SampleAppProfileProvider"
                type="System.Web.Profile.SqlProfileProvider"
                connectionStringName="SQLConnString"/>
            </providers>
            <properties>
                <add name="FirstName" type="System.String" />
                <add name="LastName" type="System.String" />
                <add name="Email" type="System.String" />
                <add name="Website" type="System.String" />
                <add name="Address" type="System.String" />
                <add name="Note" type="System.String" />
                <add name="Phone" type="System.String" />
                <add name="Fax" type="System.String" />
                <add name="Feature" type="System.Int32" />
            </properties>
        </profile>

        <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="SampleAppSqlRoleProvider"
                     cookieName=".ASPXSampleAppROLES" cookiePath="/" cookieTimeout="30" cookieRequireSSL="false"
                     cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All">
            <providers>
                <clear/>
                <add name="SampleAppSqlRoleProvider"
                     type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                     connectionStringName="SQLConnString"
                     applicationName="SampleAppRoles"/>
            </providers>
        </roleManager>
    </system.web>
</configuration>

 
Categories: .NET General | ASP.NET | Security

Recently (and especially after the Web 2.0 revolution) many websites started to use more complicated CAPTCHA solutions in order to prevent spam and bot attacks. There are many free solutions and tools for users and developers to implement CAPTCHA technology in their applications. There are also many ASP.NET controls and components for this approach, but many of them are very simple to hijack or don't offer features that we see these days on professional websites (features like a reload function, voice, etc.).

A few days ago I found a link to reCAPTCHA on Yahoo!. reCAPTCHA is a free (but professional) tool for basic users and also developers. To use this service you should first sign up, receive an API key for your website (you can receive as many as you need) and use one of the easy-to-install plugins provided. The good news for ASP.NET developers is that you can download and use a server-side control and enjoy reCAPTCHA with two lines of code! The API key guarantees your website and prevents attackers from collecting answers from visitors and using them. There are three different themes to choose from.

If you want to use reCAPTCHA on a Web 2.0 website you can use the AJAX API just by adding this line of code to your HTML or webform file:

I strongly suggest you download and test this tool in your web applications.


Quick Links: reCAPTCHA.net | Live Demo | Why reCAPTCHA | Signup | reCAPTCHA.NET Control | Email Protection With reCAPTCHA


 
Categories: .NET General | AJAX | Security | Web | Web 2.0 | Web Services

October 3, 2007
@ 02:07 PM
Omar Al Zabir has recently listed 10 cool articles about ASP.NET, AJAX, ... which he has published this year. From my personal view these articles are interesting:


 
Categories: .NET General | AJAX | ASP.NET | Security | Web | Web 2.0 | Web Development

Are you tired of expensive commercial anti-virus software which you have to buy and then be charged for update subscriptions every year? Yesterday I was looking for good, free anti-virus software to install on my laptop. After I googled for a while, I finally reached the ALWIL Software web site.

This company offers anti-virus software called avast! that is a good substitute for software like Norton or McAfee.

Fortunately, avast! has a free edition for non-commercial uses. avast! 4 Home Edition is for home users who do not use their computer for profit. You can download its setup file and install it on your PC. In order to use this free edition, you should register it (for free!) to receive a serial number. Then you can enjoy this powerful, modern anti-virus software.

This edition will give you real-time protection, complete auto update from the Internet, Web, IM and email protection, etc. You can also use it on 64-bit systems.

User interface is available in these languages: English, Bulgarian, Czech, Dutch, Finnish, French, German, Hungarian, Italian, Norwegian, Korean, Polish, Portuguese, Japanese, Romanian, Russian, Serbian, Slovak, Spanish, Turkish.

Do you believe?!!


Download: English Version (around 10 MB) | Other Languages
Register: Right Here!



 
Categories: Download | Security | Software

March 1, 2006
@ 01:49 PM
Microsoft released Anti-Cross Site Scripting (XSS) Library V1.0 for .NET framework [Details]

I think after SQL Injection, XSS is the second vulnerability which many web sites are affected by, and so this tool can help (and awaken!) many developers to control this danger in their code.

As stated on the download page of this library, the current downloadable package only contains .NET 2.0 binaries, and 1.x versions are due for release in the future (bad news :(( I still have to use the 1.x version in some projects).

More information about XSS can be found here.

UPDATE: Library updated! Now it supports both .NET 2.0 and 1.x.


 
Categories: ASP.NET | Download | Microsoft | Security | Web Development