Microsoft has put together a neat Virtual Lab were users can test run various web hacking techniques. In the lab they have create a web application that is vulnerable to several different types of attacks. You can load up the lab and actually perform an XSS hack, or do some SQL injection to deface the front page. Each different attack has step by step directions as well as information about securing and protecting your own site.
It is very much an IE and Windows website though. The introduction is in Silverlight, and the rest of the page is a mashup of Flash and ActiveX controls. Regardless, I think it is worth the time and effort needed to give this a run through. It’s good for users as well as web developers to see the types of attacks on web applications that are possible.
HelloSecureWorld [Virtual Labs]
Categories: Security
Tagged: .net, Application, Security, Web
January 17, 2008 · 1 Comment
Harris has announced a donation of $5 million to Florida Institute of Technology today. They will be building the new 24,000-square-foot Harris Center for Science and Engineering on Florida Tech’s Melbourne campus that will house the Harris Institute for Assured Information.
This is very exciting news for us here at Florida Tech’s existing Information Assurance Center. Despite the cramped lab space and small staff, the center has already been “recognized for its work and numerous government and national foundation contracts.” The new grant from Harris and the new center being built will undoubtedly bring us more expertise and opportunities for research.
You can read more details from the press release linked below.
Press Release [Harris]
Categories: Florida Tech
Tagged: fit, harris, information assurance, Security
January 17, 2008 · 1 Comment
Microsoft has made the source code for the .Net framework available. It has been released under a read-only license which has an interesting clarification: “the license does not apply to users developing software for a non-Windows platform that has “the same or substantially the same features or functionality” as the .NET Framework.” Does that mean that the Mono team can look at the source code and not be bound by the read-only clause, or that they can’t look at the source at all? I’ll have to read the license and find out.
There are detailed directions on how to get source code debugging set up in Visual Studio 2008 posted here [blogs.msdn]:
.NET Framework Library Source Code now available – ScottGu’s Blog [Announcement]
Categories: .net · programming
Tagged: .net, microsoft, mono, open source, Windows
