This was shared with my by a college of mine on his blog. Thanks Raj
http://blog.aggregatedintelligence.com/2010/05/defeating-ssl.html
Defeating SSL via man in the middle attacks, SSL Striping - “Moxie Marlinspike - More Tricks for Defeating SSL”.
Thursday, July 1, 2010
Wednesday, May 19, 2010
IIS Web Deploy (keeping a webfarm in sync)
http://www.iis.net/download/WebDeploy
Web Deploy allows you to efficiently synchronize sites, applications or servers across your IIS 7.0 server farm by detecting differences between the source and destination content and transferring only those changes which need synchronization. The tool simplifies the synchronization process by automatically determining the configuration, content and certificates to be synchronized for a specific site. In addition to the default behavior, you still have the option to specify additional providers for the synchronization, including databases, COM objects, GAC assemblies and registry settings.
Web Deploy allows you to efficiently synchronize sites, applications or servers across your IIS 7.0 server farm by detecting differences between the source and destination content and transferring only those changes which need synchronization. The tool simplifies the synchronization process by automatically determining the configuration, content and certificates to be synchronized for a specific site. In addition to the default behavior, you still have the option to specify additional providers for the synchronization, including databases, COM objects, GAC assemblies and registry settings.
Tuesday, April 6, 2010
Good bye mouse. Hello 10/GUI
8 minute video on the next revolution in gui desktop interaction. http://10gui.com/video/
Check it out! it is well worth the 8 minutes of your time
Check it out! it is well worth the 8 minutes of your time
Thursday, March 11, 2010
MVC http request flow
This is a good diagram that shows how a http request flow work in the MVC framwork.
Request Flow
In regular ASP.NET web form applications, URLs are usually mapped to physical disk files. When a URL is requested, the code of the associated file gets executed, which generates the HTML. However, in the ASP.NET MVC Framework the URLs are tied with the Controllers rather than the disk file. The component that is responsible to map the URL with the Controller is the Routing Handler. When the application starts, it is required to register the URL Routing Rules, which the Routing Handler uses to map the controller when the request arrives. Let's take a quick view of how a request is carried in different layers of the ASP.NET MVC Framework:Figure 2: The Request Flow
- The user requests a URL.
- The ASP.NET MVC Framework evaluates the requested URL against the registered Routing Rules and finds a matching Controller. The Framework forwards the request to the matching Controller.
- The Controller calls the Model to build ViewData. It can call the model multiple times depending upon the ViewData that it is building.
- The Model, as mentioned earlier, is the middle tier, which might involve data access components, workflow activities, external web service dependencies etc. The Model returns the requested data to Controller.
- The Controller selects a View and passes the data to the View which it previously got from the Model. The View Renders the data and returns the generated HTML to the User.
Wednesday, March 3, 2010
How to tell if you have SSIS installled on SQL 2005
Open SQL Server Configuration Manager and on the SQL Server 2005 Services
section look for SQL Server Integration Services.
To install you need to check the Integration Services box when you run the
SQL Server setup program.
section look for SQL Server Integration Services.
To install you need to check the Integration Services box when you run the
SQL Server setup program.
Tuesday, March 2, 2010
Cross site scripting and ways to code against it
Cross site scripting is a vulnerability that exists when the software does not sufficiently validate, filter, escape, and encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications. It's pretty much inevitable when you combine the stateless nature of HTTP, the mixture of data and script in HTML, lots of data passing between web sites, diverse encoding schemes, and feature-rich web browsers. If you're not careful, attackers can inject Javascript or other browser-executable content into a web page that your application generates. Your web page is then accessed by other users, whose browsers execute that malicious script as if it came from you (because, after all, it *did* come from you). Suddenly, your web site is serving code that you didn't write. The attacker can use a variety of techniques to get the input directly into your server, or use an unwitting victim as the middle man in a technical version of the "why do you keep hitting yourself?" game. http://cwe.mitre.org/top25/#CWE-79
Some references to help protect against XSS vulnerability
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
http://msdn.microsoft.com/en-us/library/aa973813.aspx
In short- Validate your input and encode your output.
Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications. It's pretty much inevitable when you combine the stateless nature of HTTP, the mixture of data and script in HTML, lots of data passing between web sites, diverse encoding schemes, and feature-rich web browsers. If you're not careful, attackers can inject Javascript or other browser-executable content into a web page that your application generates. Your web page is then accessed by other users, whose browsers execute that malicious script as if it came from you (because, after all, it *did* come from you). Suddenly, your web site is serving code that you didn't write. The attacker can use a variety of techniques to get the input directly into your server, or use an unwitting victim as the middle man in a technical version of the "why do you keep hitting yourself?" game. http://cwe.mitre.org/top25/#CWE-79
Some references to help protect against XSS vulnerability
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
http://msdn.microsoft.com/en-us/library/aa973813.aspx
In short- Validate your input and encode your output.
Tuesday, February 16, 2010
Denver DNN user group
Good news! the Denver DNN user group will resume meetings now that a meeting location has been acquired. The new meeting location will be at the Wellington Webb municipal building at 201 W. Colfax ave room 1.D.1 on February 23rd at 6pm. Hope to see you all there.
Friday, February 12, 2010
High level estimates
I am currently working on creating High level estimates for a project that we are working on this year. I came across this method called PERT - Program Evaluation and Review Technique This technique allows you to plan and schedule high level tasks to complete a project, and visualize those tasks on a PERT network chart that shows time estimates between tasks and allows for task to be moved around, added and deleted as requirements are refined. I am currently researching other models for doing high level resource and time estimation of a program or project.
New IT country blog
Today I decided to start a new blog that I will use to document my learnings and experiences in the IT world. Including subjects like, IT management, System Administration, Application Development, web design, and Information Technology Architecture. I have about 15 years of IT experience, mostly in windows system administration. Last year I took the plunge and started working as an IT manager, at times this has been a painfully stressful experience, while at the same time a great learning experience. I look forward to all that I can learn from venturing into this new part of the IT universe. I hope to keep my technical skill sharp partly by continuing to learn and blog about new technologies that I come across.
Subscribe to:
Posts (Atom)
