Browse by Tags

All Tags>HTTP (RSS)

Update Released for Dynamic IP Restrictions Beta by naziml

We had a couple of forum threads that reported an issue in the Beta module for Dynamic IP Restrictions . Since we are doing a significant amount of change for Beta 2, we wanted to unblock customers affected by this issue be releasing a patch. So here...

Script to lock down IIS paths by naziml

In IIS 7 we have request filtering available to help with locking down files and directories that you don't want to serve out. This is useful for resources (like configuration) that you want your IIS worker process to have access to, but not serve it...

Script to install UrlScan v3.0 as a site filter. by naziml

Although using WIX to create an MSI to do this task is a cleaner approach, it is too heavy duty for me. I do this often enough to warrant creating a script for it, so I though I would share it out. To use it you would run: InstallUrlScanAtSite.js -siteid...

Token Kidnapping in Windows by naziml

Microsoft has just released MS09-012 to address this issue in it’s entirety. Get further details here . You have probably heard about the Token Kidnapping vulnerability in Windows and read Microsoft's security advisory on it and are wondering why there...

UrlScan v3.0 RTW Released by naziml

About 2 months ago we released the beta for UrlScan v3.0 to address customer concerns with automated SQL injection attacks and we have been busy since refining it with the help of our customers, community and MVPs. You can download the bits at the links...

Using the new rules configuration in UrlScan v3.0 Beta (Part 2) by naziml

Dissecting the SQL injection sample in the walkthrough I will spend some time dissecting the SQL injection rule posted in the walkthrough for UrlScan. Before I do so, I want to re-iterate the fact that SQL injection is a web application issue, and hence...
Tags:

UrlScan v3.0 filtering based on Request Entity by naziml

While some folks are rejoicing, others are noticing the lack of scanning for the request entity. Why would we do that? The easy answer is that this is just not possible with an ISAPI filter. In IIS 5 and earlier, there is no API that would allow us to...
Tags:

Interaction between URL Rewriter and Request Filtering Modules for IIS7 by naziml

I hope folks have noticed the TP for the URL Rewriter module. Download it and give it a try! Microsoft URL Rewrite Module for IIS 7.0 CTP1 (x86) Microsoft URL Rewrite Module for IIS 7.0 CTP1 (x64) I have been playing around with in my spare time to get...
Tags:

SQL Injection Demo by naziml

SQL injection seems to have faded from prominence lately and has become just a buzz word. To make things a little more real I put together a quick demo for it, to demonstrate that you don't necessarily have to go out of your way to make your web application...
Tags:

Filtering SQL injection from Classic ASP by naziml

SQL injection may be over a decade old, but even the best of us need a reminder once in a while. You should always validate input to your applications! There isn’t a ‘one size fits all’ solution to sanitizing input, so I will attempt to show what a general...
Tags:
More Posts
Powered by Community Server (Commercial Edition), by Telligent Systems