Several years ago, I wrote a blog entry detailing how to use geocoder.us (and Yahoo!) web services to geocode an address. Since then both web services have changed a little and I found myself needing to update my code to support non-US locations. Below is sample code showing how to use Google’s Geocoding web service to get longitude and latitude values for addresses.
There’s always been a need to remove passwords from protected Microsoft Word documents when you need to make a change. My most common occurrence is with Human Resource (HR) forms. HR staff will create the MS Word document, password protect it, and then upload it to our company intranet. However, when I need to fill the form out, the only way to do so is to print the form, sign my name, scan the signed & printed form, and then email it back to them. What I would like to do is just paste a scan of my signature onto the form, save it as a PDF, and then email them the PDF, saving printing and scanning time and paper (which would then need to be shredded).
Here’s a trick that I learned a long time ago.
What is “Form Caching Vulnerability”?
The Form Caching Vulnerability allows sensitive form fields to be cached and retrieved by another user on the same client.
CWE-525: Information Exposure Through Browser Caching
This is the first of my series on securing ASP.NET web sites. As I work through various vulnerabilities, I’ll document instructions for fellow web developers in hopes that we can help build more secure web applications. The Cookie Vulnerability falls under the common vulnerability name of “Broken Authentication and Session Management.”
What is “Broken Authentication and Session Management”?
This cookie vulnerability is OWASP 2010 A3. You can read more at Top 10 2010-A3-Broken Authentication and Session Management. This threat applies when application functions related to authentication and session management are not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.
Debugster is a suite of debugging and development tools for Comicster. I’ll go over each of the various tools below.
- Property Window
- Output Console
- Dynamic Execution