SEARCH RESULTS
 
Showing 1-10 of 45 records
 

Better exception reporting in ASP.NET part 2

2008-08-04 14:11:14 by keith-brown in Security Briefs
 
...exception stack traces. The second post described my solution. This post shows the code I used to solve the problem: a custom email provider for the Health Monitoring system in ASP.NET. Enjoy. Here's the provider. Note that I opted *not* to build a buffering provider to keep things simple. public class MyMailWebEventProvider : WebEventProvider {...
 
 
 
 
 

ASP.NET Health Monitoring doesn't log inner exception stack trace

2008-08-01 16:21:00 by keith-brown in Security Briefs
 
...exceptions. The stack trace looks the same because of the way the methods are invoked (via reflection) - you end up with a stack trace for a TargetInvocationException, which basically says, "I used reflection to invoke some method, and it threw an exception. See the inner exception for details." ASP.NET's health monitoring system does list the...
 
 
 
 
 

Better exception reporting in ASP.NET

2008-08-01 20:30:05 by keith-brown in Security Briefs
 
...exceptions, which can be problematic due to its heavy reliance on reflection. I spent the morning doing some further spelunking with reflector, and my first solution was to implement a custom WebEvent that overrides ToString() to format itself with all of the data I care about. I then overrode the Error event via global.asax and raised my...
 
 
 
 
 

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...exceptions get logged [stage 4], which tests you re-run [stage 6] and even which parsers you might decide to go after next [stage 1], etc). Below is a brief listing of each stage and its associated tasks. Stage 1: Prerequisites. Identifying the targets (program interfaces to fuzz). Prioritizing your efforts (test planning). Setting Bug Bar. Stage 2:...
 
 
 
 
 

PrincipalPermissionAttribute and Static ctor Leads to DoS

2007-12-03 09:03:00 by Keith Brown in Security Briefs
 
...exception that you can run into if the first request to the class is denied by the attribute. Be careful about using this attribute at the class level. If the class to which you apply it happens to have a static constructor (or, even worse, if it may get one in the future), realize that this attribute applies to the static constructor as well!...
 
 
 
 
 

My New Favorite Tool Case Complete by Serlio Software

2006-10-17 04:54:00 by Eric Marvets in The Security Samurai
 
...exception steps. If you attach an exception to step 2, then move step 2 to 3, it will update the exception to step 3 as well. Even typing Continue at Step 4 in an exception will cause it to change if step 4 were ever renumbered. Link to other Use Cases or Requirements. All you have to do is highlight some text or just right click on an empty...
 
 
 
 
 

Setting file ACLs with PowerShell part 4

2007-11-29 09:34:00 by Keith Brown in Security Briefs
 
...exception. This syntax allows you to create type-constrained variables. Now when I assign an object to $b, PowerShell will first try to cast that object to System.Int32 (you could also have used "int", by the way). The last line of code above will throw an invalid cast exception. This is a very useful feature, allowing you to get some helpful...
 
 
 
 
 

Boston Court's Meddling With 'Full Disclosure' Is Unwelcome

2008-08-21 04:00:00 by Bruce Schneier in Wired Security
 
...exception. The reason we want researchers to publish vulnerabilities is because that's how security improves. But in every case there's someone -- the Massachusetts Bay Transit Authority, the locksmiths, an election machine manufacturer -- who argues that, in this one case, we should make an exception. We shouldn't. The benefits of responsibly...
 
 
 
 
 

Full Disclosure and the Boston Farecard Hack

2008-08-26 06:04:49 by schneier in Schneier on Security
 
...exception. The reason we want researchers to publish vulnerabilities is because that's how security improves. But in every case there's someone -- the Massachusetts Bay Transit Authority, the locksmiths, an election machine manufacturer -- who argues that, in this one case, we should make an exception. We shouldn't. The benefits of responsibly...