One of the basic but important security issues in web development that you should pay attention to is SQL Injection. Recently HP released a free tool called Scrawlr to test for such vulnerabilities.

This tool checks your pages using a simple crawler or a Google query and finds any SQL Injection problems. It can only check issues in GET parameters.

You can check up to 1500 URLs on each web site using this free tool.

Download: https://download.spidynamics.com/Products/scrawlr/


 


Categories: Download | Security | Software | Tools

It is easy to use the powerful ASP.NET Membership, Role and Profile providers in a Windows or Console application. There is only one key point: you should add an app.config file to your Console or Windows application and include these nodes in it:

<?xml version='1.0' encoding='utf-8'?>
<configuration>
    <connectionStrings>
        <add name="SQLConnString" connectionString="SERVER=(local);DATABASE=SampleApp;UID=sa;PWD=123"/>
    </connectionStrings>
    <system.web>

        <membership defaultProvider="SampleAppMembershipProvider">
            <providers>
                <add name="SampleAppMembershipProvider"
                     connectionStringName="SQLConnString"
                      applicationName="SampleAppMembership"
                      enablePasswordReset="true"
                      enablePasswordRetrieval="false"
                      passwordFormat="Hashed"
                      maxInvalidPasswordAttempts="100"
                      minRequiredPasswordLength="5"
                      minRequiredNonalphanumericCharacters="0"
                      requiresQuestionAndAnswer="false"
                      requiresUniqueEmail="true"
                      passwordAttemptWindow="5"
                      passwordStrengthRegularExpression=""
                      type="System.Web.Security.SqlMembershipProvider" />
            </providers>
        </membership>

        <profile defaultProvider="SampleAppProfileProvider">
            <providers>
                <add name="SampleAppProfileProvider"
                type="System.Web.Profile.SqlProfileProvider"
                connectionStringName="SQLConnString"/>
            </providers>
            <properties>
                <add name="FirstName" type="System.String" />
                <add name="LastName" type="System.String" />
                <add name="Email" type="System.String" />
                <add name="Website" type="System.String" />
                <add name="Address" type="System.String" />
                <add name="Note" type="System.String" />
                <add name="Phone" type="System.String" />
                <add name="Fax" type="System.String" />
                <add name="Feature" type="System.Int32" />
            </properties>
        </profile>

        <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="SampleAppSqlRoleProvider"
                     cookieName=".ASPXSampleAppROLES" cookiePath="/" cookieTimeout="30" cookieRequireSSL="false"
                     cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All">
            <providers>
                <clear/>
                <add name="SampleAppSqlRoleProvider"
                     type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                     connectionStringName="SQLConnString"
                     applicationName="SampleAppRoles"/>
            </providers>
        </roleManager>
    </system.web>
</configuration>
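The sample above connects as `sa` with the password stored in the file, allows 100 failed logins per attempt window, and lets the roles cookie travel over plain HTTP. A tightened variant of those same settings follows, as an added example that is not the original author's configuration. The profile section is omitted because it is unchanged; the password length and character requirements are assumed values, and `Integrated Security=SSPI` assumes the account running the application has been granted access to the SampleApp database.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <connectionStrings>
        <!-- Windows authentication: no sa login and no password stored in the file.
             Assumes the account running the application has access to SampleApp. -->
        <add name="SQLConnString"
             connectionString="Server=(local);Database=SampleApp;Integrated Security=SSPI"/>
    </connectionStrings>
    <system.web>
        <membership defaultProvider="SampleAppMembershipProvider">
            <providers>
                <clear/>
                <!-- Lock out after 5 failures within a 10-minute window (the provider
                     defaults) instead of 100 failures within 5 minutes. Length and
                     character requirements are assumed values; set them to your policy. -->
                <add name="SampleAppMembershipProvider"
                     type="System.Web.Security.SqlMembershipProvider"
                     connectionStringName="SQLConnString"
                     applicationName="SampleAppMembership"
                     enablePasswordReset="true"
                     enablePasswordRetrieval="false"
                     passwordFormat="Hashed"
                     maxInvalidPasswordAttempts="5"
                     passwordAttemptWindow="10"
                     minRequiredPasswordLength="12"
                     minRequiredNonalphanumericCharacters="1"
                     requiresQuestionAndAnswer="false"
                     requiresUniqueEmail="true" />
            </providers>
        </membership>
        <!-- Cookie attributes only take effect where this section is also used by the
             web application; cookieRequireSSL="true" keeps the roles cookie off plain HTTP. -->
        <roleManager enabled="true" defaultProvider="SampleAppSqlRoleProvider"
                     cacheRolesInCookie="true" cookieName=".ASPXSampleAppROLES" cookiePath="/"
                     cookieTimeout="30" cookieRequireSSL="true" cookieSlidingExpiration="true"
                     createPersistentCookie="false" cookieProtection="All">
            <providers>
                <clear/>
                <add name="SampleAppSqlRoleProvider"
                     type="System.Web.Security.SqlRoleProvider"
                     connectionStringName="SQLConnString"
                     applicationName="SampleAppRoles"/>
            </providers>
        </roleManager>
    </system.web>
</configuration>
```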

 


Categories: .NET General | ASP.NET | Security

Recently (and especially after the Web 2.0 revolution) many websites started to use more complicated CAPTCHA solutions in order to prevent spam and bot attacks. There are many free solutions and tools for users and developers to implement CAPTCHA technology in their applications. There are also many ASP.NET controls and components for this approach, but many of them are easy to hijack or don't offer the features that we see on professional websites these days (features like a reload function, voice, etc.).

A few days ago I found a link to reCAPTCHA on Yahoo!. reCAPTCHA is a free (but professional) tool for basic users and also developers. To use this service you should first sign up, receive an API Key for your website (you can receive as many as you need) and use one of the easy-to-install plug-ins provided. The good news for ASP.NET developers is that you can download and use a server-side control and enjoy reCAPTCHA with two lines of code! The API Key guarantees your website and prevents attackers from collecting answers from visitors and using them. There are three different themes to choose from.

If you want to use reCAPTCHA on a Web 2.0 website, you can use the AJAX API just by adding this line of code to your HTML or web form file:

I strongly suggest you download and test this tool in your web applications.


Quick Links: reCAPTCHA.net | Live Demo | Why reCAPTCHA | Signup | reCAPTCHA.NET Control | Email Protection With reCAPTCHA


 


Categories: .NET General | AJAX | Security | Web | Web 2.0 | Web Services

October 3, 2007
@ 02:07 PM
Omar Al Zabir has recently listed 10 cool articles about ASP.NET, AJAX, ... which he has published this year. From my personal view these articles are interesting:


 


Categories: .NET General | AJAX | ASP.NET | Security | Web | Web 2.0 | Web Development

Are you tired of expensive commercial anti-virus software that you have to buy and then pay update subscriptions for every year? Yesterday I was looking for a good, free anti-virus program to install on my laptop. After googling for a while, I finally reached the ALWIL Software web site.

This company offers an anti-virus product called avast! that is a good substitute for software like Norton or McAfee.

Fortunately, avast! has a free edition for non-commercial uses. avast! 4 Home Edition is for home users who do not use their computer for profit. You can download its setup file and install it on your PC. In order to use this free edition, you should register it (for free!) to receive a serial number. Then you can enjoy this powerful, modern anti-virus software.

This edition gives you real-time protection, complete automatic updates from the Internet, and Web, IM and email protection, etc. You can also use it on 64-bit systems.

User interface is available in these languages: English, Bulgarian, Czech, Dutch, Finnish, French, German, Hungarian, Italian, Norwegian, Korean, Polish, Portuguese, Japanese, Romanian, Russian, Serbian, Slovak, Spanish, Turkish.

Do you believe?!!


Download: English Version (around 10 MB) | Other Languages
Register: Right Here!


 


Categories: Download | Security | Software

March 1, 2006
@ 01:49 PM
Microsoft released Anti-Cross Site Scripting (XSS) Library V1.0 for .NET framework [Details]

I think after SQL Injection, XSS is the second vulnerability that many web sites are affected by, so this tool can help (and awaken!) many developers to control this danger in their code.

As stated on the download page of this library, the current downloadable package only contains .NET 2.0 binaries, and 1.x versions are due for release in the future (bad news :(( I still have to use the 1.x version in some projects).

More information about XSS can be found here.

UPDATE: Library updated! Now it supports both .NET 2.0 and 1.x.


 


Categories: ASP.NET | Download | Microsoft | Security | Web Development