Showing posts from March, 2017

Security: HTTP headers that expose web application / server vulnerabilities

Today's blog post covers how ASP.NET HTTP response headers can expose security holes in your web application and servers. The post also contains steps for removing these headers, using C# and ASP.NET MVC, to reduce the chances of being attacked.

Problem

When an attacker targets a web server, the first thing he or she needs to do is profile the target. To profile a target web application / server, an attacker would have to perform the following steps:

- Identify the address of the web application.
- Identify the OS where the web application resides.
- Identify the type of server (IIS, Apache, etc.) hosting the web application.
- Identify the frameworks (ASP.NET MVC, PHP, JSF) used by the application.

After gathering this information, the attacker would proceed to use penetration tools (Kali's Metasploit and Websploit) to perform different kinds of attacks to dis…

Validating balanced parentheses, brackets and braces inside a mathematical equation

Today, I will try to create a C# method that validates whether the brackets, parentheses and braces of a given mathematical equation are properly written, balanced and complete. The goal of this exercise is to use the stack data structure to write an algorithm with linear growth. Any suggestions on how to do this using logarithmic algorithms are welcome.

The method should return true for the following inputs:

- (x + y) - ((z * y) + x)
- {(1 / 2) + (y / z)} - ([g + z]) - (x + y)
- [x + y] - (5 * x)

The method should return false for the following inputs:

- (x + 3]
- {(y + z)]
- (x + y) + [g(5])]

Solution
Clone it from GitHub
Below is a class that validates whether the brackets, parentheses and curly braces of a formula are properly written and each have a counterpart. The class uses an instance of the native Dictionary class to identify pairs of opening and closing brackets, braces and parentheses. The class also uses the native Stack …