www.jardinesoftware.net

Submitted URL: http://jardinesoftware.net/
Effective URL: https://www.jardinesoftware.net/
Submission: On June 14 via api from GB — Scanned from GB

CHROME IS MAKING SOME CHANGES… ARE YOU READY?

Posted by James Jardine on February 10, 2020
Filed under: Development, Security

Last year, Chrome announced that it was making a change to default cookies to
SameSite:Lax if there is no SameSite setting explicitly set. I wrote about this
change last year
(https://www.jardinesoftware.net/2019/10/28/samesite-by-default-in-2020/). This
change could have an impact on some sites, so it is important that you test this
out. The changes are supposed ...

Tags: Application Security, appsec, Secure Code, secure defaults, secure
development, security testing


SAMESITE BY DEFAULT IN 2020?

Posted by James Jardine on October 28, 2019
Filed under: Development, Security, Testing

If you haven't seen, Cross Site Request Forgery (CSRF) is getting a big
protection by default in 2020. Currently, most protections need to be
implemented explicitly. While we are seeing some nonces included and checked by
default (Razor Pages), you typically still need to explicitly check the nonce.
This requires that the developers understand that ...

Tags: app testing, application security, SDL, secure, Secure Code, secure
development


XXE DOS AND .NET

Posted by James Jardine on May 6, 2019
Filed under: Development, Security

XML External Entity (XXE) vulnerabilities can be more than just a risk of remote
code execution (RCE), information leakage, or server side request forgery
(SSRF). A denial of service (DoS) attack is commonly overlooked. However, given
a misconfigured XML parser, it may be possible for an attacker to cause a
denial of service attack and ...

Tags: .Net, .Net Core, Application Security, appsec, ASP.Net, developer
security, maxcharactersfromentities, Security, security training


OVERVIEW OF WEB SECURITY POLICIES

Posted by James Jardine on June 27, 2018
Filed under: Development, Security, Testing

A vulnerability was just identified in your website. How would you know? The
process of vulnerability disclosure to an organization is often very difficult
to identify. Whether you are offering any type of bounty for security bugs or
not, it is important that there is a clear path for someone to notify you of a
potential ...

Tags: Application Security, developer, researcher, secure development, secure
software, secure testing, security research, security training, security.txt,
white hat


INTRO TO NPM-AUDIT

Posted by James Jardine on June 27, 2018
Filed under: Development, Security, Testing

Our applications rely more and more on external packages to enable quick
deployment and ease of development. While these packages help reduce the code we
have to write ourselves, they may still present a risk to our application. If you
are building Node.js applications, you are probably using npm to manage your
packages. For those ...

Tags: 3rd party component, application security, components, javascript, nodejs,
npm, secure, secure development, Security, security components, security testing


XSS IN SCRIPT TAG

Posted by James Jardine on June 27, 2018
Filed under: Development, Security, Testing

Cross-site scripting is a pretty common vulnerability, even with many of the new
advances in UI frameworks. One of the first things we mention when discussing
the vulnerability is to understand the context. Is it HTML, Attribute,
JavaScript, etc.? This understanding helps us better understand the types of
characters that can be used to expose ...

Tags: Application Security, appsec, cross-site scripting, developer security,
secure coding, secure development, Security, security awareness, XSS


JAVASCRIPT IN AN HREF OR SRC ATTRIBUTE

Posted by James Jardine on November 30, 2017
Filed under: Development, Security, Testing

The anchor (<a>) HTML tag is commonly used to provide a clickable link for a
user to navigate to another page. Did you know it is also possible to set the
HREF attribute to execute JavaScript? A common technique is to use the onclick
event of the anchor tag to execute a JavaScript method when ...

Tags: app testing, application security, appsec, dynamic analysis, Penetration
Testing, qa, secure development, Security, security testing, static analysis,
Testing


THE END OF REQUEST VALIDATION

Posted by James Jardine on June 1, 2017
Filed under: Development, Security

One of the often overlooked features of ASP.Net applications was request
validation. If you are a .Net web developer, you have probably seen this before.
I have certainly covered it on multiple occasions on this site. The main goal:
help reduce XSS type input from being supplied by the user. .Net Core has opted
to ...

Tags: .Net, request validation, Secure Code, secure development, Security,
security training, validaterequest


SECURITY TIPS FOR COPY/PASTE OF CODE FROM THE INTERNET

Posted by James Jardine on February 6, 2017
Filed under: Development, Security

Developing applications has long involved using code snippets found through
textbooks or on the Internet. Rather than re-invent the wheel, it makes sense to
identify existing code that helps solve a problem. It may also help speed up the
development time. Years ago, maybe 12, I remember a co-worker that had a SQL
Injection vulnerability in ...

Tags: Application Security, appsec, copy, developer, developer training,
passwords, paste, Secure Code, secure defaults, Security, security training


SQL INJECTION: CALLING STORED PROCEDURES DYNAMICALLY

Posted by James Jardine on October 26, 2016
Filed under: Development, Security, Testing

It is not news that SQL Injection is possible within a stored procedure. There
have been plenty of articles discussing this issue. However, there is a unique
way that some developers execute their stored procedures that makes them
vulnerable to SQL Injection, even when the stored procedure itself is actually
safe. Look ...

Tags: Application Security, Development, Penetration Testing, secure
development, Security, security testing, SQL Injection, Testing

Questions or problems regarding this web site should be directed to
webmaster@JardineSoftware.com
Copyright © 2004-2013 Jardine Software, Inc. All rights reserved.