SharpLife.NET

Find Your Web site SQL Injection Vulnerabilities Using Scrawlr

Your DisplayName here! — Sat, 05 Jul 2008 13:09:18 GMT

One of the basic but important security issues in web development that you should pay attention to is SQL Injection. Recently HP released a free tool called Scrawlr to test such vulnerabilities.

This tool checks your pages using a simple crawler or Google query and find any SQL Injection problems. This tool can only check issues on GET parameters.

You can check up to 1500 URL in each web site using this free tool.

Download: https://download.spidynamics.com/Products/scrawlr/

How to use ASP.NET Membership in a Console Application

Your DisplayName here! — Tue, 01 Jul 2008 12:54:35 GMT

It’s so easy to use powerful ASP.NET Membership, Role and Profile provider in a Windows or Console application. Only one key point remains here; you should add an app.config file to your Console or Windows application and include these nodes in that:

<?xml version='1.0' encoding='utf-8'?> <configuration> <connectionStrings> <add name="SQLConnString" connectionString="SERVER=(local);DATABASE=SampleApp;UID=sa;PWD=123"/> </connectionStrings> <system.web> <membership defaultProvider="SampleAppMembershipProvider"> <providers> <add name="SampleAppMembershipProvider" connectionStringName="SQLConnString" applicationName="SampleAppMembership" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="100" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordAttemptWindow="5" passwordStrengthRegularExpression="" type="System.Web.Security.SqlMembershipProvider" /> </providers> </membership> <profile defaultProvider="SampleAppProfileProvider"> <providers> <add name="SampleAppProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="SQLConnString"/> </providers> <properties> <add name="FirstName" type="System.String" /> <add name="LastName" type="System.String" /> <add name="Email" type="System.String" /> <add name="Website" type="System.String" /> <add name="Address" type="System.String" /> <add name="Note" type="System.String" /> <add name="Phone" type="System.String" /> <add name="Fax" type="System.String" /> <add name="Feature" type="System.Int32" /> </properties> </profile> <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="SampleAppSqlRoleProvider" 


cookieName=".ASPXSampleAppROLES" cookiePath="/" cookieTimeout="30" cookieRequireSSL="false" 


cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All"> <providers> <clear/> <add name="SampleAppSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, 


System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 


connectionStringName="SQLConnString" applicationName="SampleAppRoles"/> </providers> </roleManager> </system.web> </configuration>

Follow my tiny posts on twitter too!

Your DisplayName here! — Wed, 25 Jun 2008 12:51:54 GMT

Hi!

It's a long time since I've decided not to post simple day-to-day not useful posts on Sharplife.NET; meanwhile this damn busy life doesn't allow me to post large technical posts about .NET, so if you are interested to follow some links and tiny posts you can follow me on Twitter, Jaiku, Plurk or Pownce.

I'll try to write some technical stuff periodically.

Don't forget to take a look at tabassom.com ;-)

Joint Song by Arian Music Band and Chris De Burgh

Your DisplayName here! — Fri, 30 Nov 2007 12:44:31 GMT

Iranian Arian Music Band and famous Irish singer, Chris De Burgh, are working on a joint song. According to Mohsen Rajabpour, managing director of Arian Band "A Medlody for Peace" is the name of this song and with the theme of love and respect to human beliefs, and soon will be presented inside and outside the country.

This new song will be shipped with 4th Arian album in the next few months.

Download .netTiers Documentation

Your DisplayName here! — Mon, 05 Nov 2007 10:18:19 GMT

A few days ago, I found some free time to study some articles and documentation about .netTiers. I tested it on some of my previous projects and result was great. Professional software architecture in generated code, smart code generation based on database tables and columns, ease of use, etc. are amazing features of this open source template for CodeSmith.

.netTiers official website has a documenation you can read online but how I searched, I couldn't find any offline version of this documentation to download. So I saved all documentation sections as HTML files and also created PDF version of each page. You can download this documentation in a compress file here (3.7 MB).

Jaiku Invitations

Your DisplayName here! — Wed, 31 Oct 2007 13:48:02 GMT

I have 9 Jaiku invitations left. Everyone who wants to receive one, please leave his/her name and email address in comment of THIS post.

Forget to say I'm at mahdi.jaiku.com!

UPDATE: I sent all 9 invitations and I don't have anymore left.

reCAPTCHA: Free CAPTCHA Solution For Your Website

Your DisplayName here! — Mon, 15 Oct 2007 12:07:04 GMT

Recently (and specially after Web 2.0 revolution) many websites started to use more complicated CAPTCHA solutions on their websites in order to prevent spam and bot attacks. There are many free solutions and tools for users and developers to implement CAPTCHA technology in their applications. There are also many ASP.NET controls and components for this approach but many of them are so simple to hijack or don't offer features that these days we see on professional websites (some features like reload function, voice, etc.).

A few days ago I found a link to reCAPTCHA on Yahoo!. reCAPTCHA is a free (but professional) tool for basic users and also developers. To use this service you should first signup, receive an API Key for your website (you can receive as many as you need) and use one of easy-to-install plugnins provided. And good news for ASP.NET developers is that you can download and use a server side control and enjoy reCAPTCHA with two lines of code! The API Key guarantees your website and prevents attackers collect answers from visitors and use them. There are three different themes to choose.

If you want to use reCAPTCHA on a Web 2.0 website you can use AJAX API just by adding this line of code to you html or webform file: I strongly suggest you download and test this tool in your web applications.

Some ASP.NET Articles

Your DisplayName here! — Wed, 03 Oct 2007 10:37:27 GMT

Omar Al Zabir has recently listed 10 cool articles about ASP.NET, AJAX, ... which he has published this year. From my personal view these articles are interesting:

BlogEngine.NET 1.2 Released

Your DisplayName here! — Mon, 01 Oct 2007 10:24:27 GMT

BlogEngine.NET 1.2 released. As you may know it's a free blog tool written in C# and ASP.NET 2.0 and they added many features to this release which you can see here.

In this release BlogEngine supports 26 language packages including Persian language which I had translated its resources for them.

Although, I don't use BlogEngine at present (and I'm using dasBlog), I'm thinking about migration to BlogEngine because of more features. In this version BlogEngline also supports BlogML for import/export (Thanks Keyvan!).

More on BlogEngline.NET: Download Latest Release | Documents | Hosters that offer BlogEngine.NET | Complete Features List | Some Videos.

metacrawler.com: Search The Search Engines!

Your DisplayName here! — Thu, 27 Sep 2007 08:05:25 GMT

Sometimes it happend that you want to search for something on the web and don't find your desired results in your favorite search engine, you may decide to try another search engine to find the answer. Here's a better and easier way for such times!

metacrawler.com is a website which enjoys metasearch technology to gather best results from various search engines including Google, Yahoo! Search, MSN Search, Ask Jeeves, About, MIVA, LookSmart and more.

You can see all results from all search engines together or select a search engine and see its results only.