In this Web Security Series I will discuss some basic measures to consider for securing ASP.NET WebForms applications.
The default ASP.NET Validator Controls all validate their target input fields server-side, and most of them also offer client-side validation. Only the CustomValidator does not offer client-side validation by default, because its logic is written by the developer in the code-behind. Microsoft confirms on this page that the validator controls use at least server-side validation: https://msdn.microsoft.com/en-us/library/yb52a4x0.aspx
As a system administrator it is always a challenge to keep your directory services clean and tidy. Especially when working in a team where not everyone is autistic, things will eventually get polluted. I found a nice little script on clintmcguire.com that will do the following for you:
- Retrieve a list of all domain controllers in the current domain
- Retrieve a list of all computer objects in your domain
- Retrieve the last logon timestamp for each computer from every domain controller
- List the latest logon time onto the domain for each computer in a csv file
With the CSV file it's easy to check for computers that have not logged onto the domain for a certain time. If that time is too long, it may be time to remove the computer from the domain.
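The merge step of that procedure, as an added example (not the clintmcguire.com script): the `lastLogon` attribute is not replicated between domain controllers, so the newest value across all of them is the one that counts. The function name `Get-LatestLogon`, the 90-day threshold, the output file name and the sample rows are assumptions made for illustration.

```powershell
# Added example. Input: one row per (computer, domain controller), as a per-DC
# query for the lastLogon attribute would return. lastLogon is a Windows FILETIME
# (100-ns intervals since 1601-01-01 UTC); 0 means no logon recorded on that DC.
function Get-LatestLogon {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [DateTime] $Now,
        [int] $StaleAfterDays = 90   # assumed threshold, tune to your own policy
    )
    $Records | Group-Object -Property Computer | ForEach-Object {
        # Keep the row with the highest FILETIME across all domain controllers.
        $best = $_.Group | Sort-Object -Property LastLogon -Descending |
                Select-Object -First 1
        $when = if ($best.LastLogon -gt 0) {
            [DateTime]::FromFileTimeUtc($best.LastLogon)
        } else {
            $null   # never logged on against any queried DC
        }
        [pscustomobject]@{
            Computer    = $_.Name
            LatestLogon = $when
            SeenOnDC    = if ($when) { $best.DC } else { $null }
            Stale       = (-not $when) -or
                          (($Now - $when).TotalDays -gt $StaleAfterDays)
        }
    }
}

# Constructed sample data (hypothetical computers and domain controllers).
$now = [DateTime]::new(2024, 6, 1, 0, 0, 0, [DateTimeKind]::Utc)
$records = @(
    [pscustomobject]@{ Computer = 'WS001'; DC = 'DC1'; LastLogon = $now.AddDays(-200).ToFileTimeUtc() }
    [pscustomobject]@{ Computer = 'WS001'; DC = 'DC2'; LastLogon = $now.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ Computer = 'WS002'; DC = 'DC1'; LastLogon = $now.AddDays(-120).ToFileTimeUtc() }
    [pscustomobject]@{ Computer = 'WS002'; DC = 'DC2'; LastLogon = [long]0 }
    [pscustomobject]@{ Computer = 'WS003'; DC = 'DC1'; LastLogon = [long]0 }
    [pscustomobject]@{ Computer = 'WS003'; DC = 'DC2'; LastLogon = [long]0 }
)

# One line per computer; Stale marks candidates for review, not automatic removal.
Get-LatestLogon -Records $records -Now $now |
    Export-Csv -Path .\computer-lastlogon.csv -NoTypeInformation
```

With the sample rows, WS001 is current because DC2 saw it three days ago even though DC1's value is 200 days old, which is why a single domain controller's answer is not enough.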
Part of my passion for software development is the desire to write simpler and more maintainable code. Microsoft is continually improving its programming languages, including C#. The most current version of C# is version 6, which has just been released with Visual Studio 2015. In its early days C# missed quite a few features that were already mainstream in some other languages, but C# has improved a lot over the last years. There are many features that help with writing simpler and more maintainable code in C# and in the .NET Framework. In my field of work it's not always easy to keep up with all the developments, and I hope I can be of some, even minor, help in highlighting the options in coding.
One of the advantages of being a developer is that you can create and apply technical solutions anywhere you have authority in your work field. I've always loved using my programming skills to make the work easier when I worked as a Windows system administrator. The .NET Framework offers a lot of powerful tools with relatively simple interfaces for working with Active Directory. Most of these can be found in the
One of my favorite tools is the DirectorySearcher object. It makes querying Active Directory for all kinds of objects very quick and very easy while still being configurable. There is also a higher-level abstraction of this object called the PrincipalSearcher. It is a little easier still to configure, mainly because it supports "Query by Example", but in my opinion it pays off to figure out the DirectorySearcher, because using a custom query filter allows you to fine-tune your searching.