Hi, 
Guest
Pic
Sign In

websecurity@lists.webappsec.org

The Web Security Mailing List

View all threads

Partitioning data in cloud applications

PJ
Paul Johnston
Sun, Dec 9, 2012 2:17 PM

Hi,

I've just put a posting on my website about how to keep different users'
data separate from each other, something which is particularly
applicable to cloud applications.
http://pajhome.org.uk/security/clouddata.html

I'd be interested in feedback on this, and to hear about any other
approaches you have taken, and how well they worked out.

Regards,

Paul

--
Pentest - When a tick in the box is not enough

Paul Johnston - IT Security Consultant / Tiger SST
PenTest Limited - ISO 9001 (44/100/107029) / ISO 27001 (IS 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK

Hi, I've just put a posting on my website about how to keep different users' data separate from each other, something which is particularly applicable to cloud applications. http://pajhome.org.uk/security/clouddata.html I'd be interested in feedback on this, and to hear about any other approaches you have taken, and how well they worked out. Regards, Paul -- Pentest - When a tick in the box is not enough Paul Johnston - IT Security Consultant / Tiger SST PenTest Limited - ISO 9001 (44/100/107029) / ISO 27001 (IS 558982) Office: +44 (0) 161 233 0100 Mobile: +44 (0) 7817 219 072 Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy Registered Number: 4217114 England & Wales Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK
CK
Cheong Kai Wee
Mon, Dec 10, 2012 6:38 AM

Hi All,

May I know if there is any tool that can assist in manipulating ASP.net _EVENTVALIDATION parameter? For _VIEWSTATE, i am able to manipulate using tools such as fiddler viewstate viewer.

For _EVENTVALIDATION, the same tool can still be used to serialize/deserialize the parameter. However, it doesn't help in generating a valid hash value that i wish to add. I am looking for similar tool like "EventValidation Tool" in this tutorial: http://www.jardinesoftware.net/2012/02/06/asp-net-tampering-with-event-validation-part-1/ . It will also be helpful if anyone can point out the hashing algorithm used in _EVENTVALIDATION, in this case i can generate the hash value manually.

Thanks. :)

Cheers,
Kai Wee

Hi All, May I know if there is any tool that can assist in manipulating ASP.net _EVENTVALIDATION parameter? For _VIEWSTATE, i am able to manipulate using tools such as fiddler viewstate viewer. For _EVENTVALIDATION, the same tool can still be used to serialize/deserialize the parameter. However, it doesn't help in generating a valid hash value that i wish to add. I am looking for similar tool like "EventValidation Tool" in this tutorial: http://www.jardinesoftware.net/2012/02/06/asp-net-tampering-with-event-validation-part-1/ . It will also be helpful if anyone can point out the hashing algorithm used in _EVENTVALIDATION, in this case i can generate the hash value manually. Thanks. :) Cheers, Kai Wee
Empathy v1.0   2024 ©Harmonylists.com