Hi,
I've just put a posting on my website about how to keep different users'
data separate from each other, something which is particularly
applicable to cloud applications.
http://pajhome.org.uk/security/clouddata.html
I'd be interested in feedback on this, and to hear about any other
approaches you have taken, and how well they worked out.
Regards,
Paul
--
Pentest - When a tick in the box is not enough
Paul Johnston - IT Security Consultant / Tiger SST
PenTest Limited - ISO 9001 (44/100/107029) / ISO 27001 (IS 558982)
Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072
Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK
Hi All,
May I know if there is any tool that can assist in manipulating ASP.net _EVENTVALIDATION parameter? For _VIEWSTATE, i am able to manipulate using tools such as fiddler viewstate viewer.
For _EVENTVALIDATION, the same tool can still be used to serialize/deserialize the parameter. However, it doesn't help in generating a valid hash value that i wish to add. I am looking for similar tool like "EventValidation Tool" in this tutorial: http://www.jardinesoftware.net/2012/02/06/asp-net-tampering-with-event-validation-part-1/ . It will also be helpful if anyone can point out the hashing algorithm used in _EVENTVALIDATION, in this case i can generate the hash value manually.
Thanks. :)
Cheers,
Kai Wee