Protect Against Enumeration Attacks in C# in 2022

2 min read Enumeration Attacks are a type of attack in which the attacker tries to guess or validate a data set with the goal of extracting more information than they had to start out. For example, finding out if a user is a member of the site by trying to log in with millions of email addresses and checking if the page responds differently to an account existing but with a bad password vs not existing in the system.The first step in defending against enumeration attacks is making it infeasible to extract the data they’re after by limiting the number of attempts they can make, and monitoring user activity closely so you know when someone might be trying to break.

READ MORE

How to get rid of election warnings on Twitter with uBlock

2 min read The internet is full of misinformation, and we know it. These helped spread awareness in the beginning, but it just gets annoying to keep seeing the same warnings over without any new information. So… time to stop seeing those pesky spam messages :) How? Well, simple, same as we deal with any annoying ads -> with an Ad Blocker. In this case, I used uBlock Origin on Firefox. Install uBlock Origin Head over to the Firefox Add-Ons store and install uBlock Origin. Direct link: Once you install it, you can…

READ MORE

C# Sending Emails with the Mailgun API

< 1 min read Sending email in C# via the Mailgun API is about 3x faster than via SMTP. They make it very straightforward, just requiring a form-encoded POST with basic authentication. Full API reference can be found here: https://documentation.mailgun.com/en/latest/api-sending.html#sending

READ MORE

How to Upload Large Files

4 min read Uploading files these days is pretty straightforward in just about any web framework and programming language, however, when files get big or many files are uploaded at the same time, memory usage starts being a concern and starts to run into bottlenecks. Aside from this, frameworks put in constraints to protect the application from things like denial of service through resource exhaustion. I ran into several of these limitations over the years and came up with a few solutions. The examples below are using the MVC framework in .net core…

READ MORE

Concepts for a Modern Planet-Scale Application

12 min read When an application starts to become popular, usually it’s time to rejoice, however that depends on how the exact shape of that trend and how prepared you are for it. Sometimes, it’s just a matter of getting a more powerful server, and cloud providers such as Azure have made that incredibly easy, and you can set autoscale to beef up your server when it’s needed. However, at a certain point that hits a limit, and you need to start scaling horizontally. In this post, I’ll discuss some concepts used by…

READ MORE

Work with a REST API using PowerShell

2 min read A well-designed REST API can be consumed and interacted with in many ways. Powershell is one of those really useful ones because it’s very dynamic. We’ll also consider that the API is protected using JWT Bearer tokens by an OpenID Connect server. Our example API, in this case, is a simple REST API to query and manage users.

Set required headers:

Adding the bearer token manually to the script in this case, but this step could be automated as well although it’s a lot more involved to initially set up. See the following guide for one way of doing this https://docs.microsoft.com/en-us/information-protection/develop/concept-authentication-acquire-token-ps

$headers = @{}
$headers["Accept"] = "application/json"
$headers["Authorization"] = "Bearer 3a5e90b25ac028ec968def29d0055d418265e9810968eb4a0c531a45fee3b00f"
READ MORE

Signing Git Commits Using YubiKey on Windows

8 min read There are several things we need to do in order to achieve end-to-end security in our release pipeline. In this post, I’ll explain how to set up signing git commits and store the private key on a YubiKey using it as a smart card. Signing our commits is especially important in public projects like those on GitHub, to avoid people impersonating us. For private projects and later on in the build pipeline, we can validate that all our commits are signed by trusted parties, and add gates to protect against unauthorized code making it into our products.

READ MORE

Tags

amp authentication Azure DevOps C# chocolatey cloudflare cloudflare workers code quality Debugging DevOps elastic cloud elasticsearch feature flags foreman git hashicorp Health Checks infrastructure interesting large scale management MVC neo4j owasp password security PowerShell ravendb real user monitoring Release Notes REST rubber ducky security Security Headers seo sonarqube SQL ssllabs static code analysis terraform TFS upload vault VSTS wordpress Yubikey

Categories

Popular Posts

C# Active Directory
September 16
Process / Memory Dumps 1
Process / Memory Dumps
September 21
SQL Server hide database list from a particular user
November 5