Protection against XSS vulnerabilities with CSP headers (Content Security Policy)

XSS (Cross-Site Scripting) vulnerabilities, in 3rd position of the last OWASP TOP 10, are a door into IT systems (port scanning, exploits, etc.) and a threat to users (theft of authentication information). Traditional countermeasures are input filtering and output encoding, which prevent malicious scripts from executing on users' computers. Principle: Another way to protect against this kind of vulnerability is to set the Content-Security-Policy HTTP header, which defines the policy controlling the content downloaded by the web page. [Read More]

WinDBG: load the right extensions

In order to debug .NET applications, Microsoft provides a tool called WinDBG, available in the "Windows SDK". WinDBG is a native debugger and needs additional extensions to work with .NET applications. These extensions differ depending on the technology and .NET version (Silverlight / WPF / .NET 2.0 / .NET 4, etc.). SOS: SOS.dll (Son Of Strike) is a DLL provided by the .NET Framework and is available in the folder: C:\Windows\Microsoft.NET\Framework\ The DLL loading is slightly different if your application is a classic . [Read More]

XAML Spy: a useful tool for XAML developers

Released in June 2012, XAML Spy, the successor to Silverlight Spy, is a tool that makes life easier for XAML developers (Silverlight, Windows Phone and WinRT). If you're used to developing with HTML/CSS, you may know the "developer tools" from Internet Explorer 9 or Chrome, which allow you to select elements in web pages, find the associated CSS properties and edit them on the fly in order to view the result in the browser. In a XAML application, any change requires a rebuild in order to display the new result. [Read More]

Use the Visual Studio debugger in client-side partial classes created on a WCF proxy

In an application using a WCF service, it is not uncommon to create partial classes on the client side in order to add properties to objects retrieved from the service. These properties are needed by the client application (for the interface, for example) and they have no reason to be present on the server side. For instance, a class named Product has the following properties defined on the server side: Price, Name, Stock, and has the property IsVisible defined on the client side in order to display or hide the product in the UI. [Read More]

Put one attribute per line in XAML files in Silverlight

A XAML file can be unreadable when there are a lot of attributes in controls. Lines are often too long to be displayed on screen (horizontal scrollbar is required). Visual Studio 2010 offers an option allowing us to put one attribute per line automatically to facilitate code reading. So, when you have written your code, press Ctrl+K+D to format XAML. To activate this option, go to Tools -> Options, then open Text Editor -> XAML -> Formatting and select Spacing. [Read More]

How to use mouse wheel on Silverlight and Chrome when Windowless is enabled

In Silverlight, the mouse wheel works very well with every major browser (Internet Explorer, Firefox, Chrome, etc.) but not when Windowless is enabled. When this feature is enabled, NPAPI-based browsers like Chrome or Firefox don't allow Silverlight to manage the mouse wheel. This article explains how to get the mouse wheel event using the DOM. This article is based on code published on Compiled Experience but I've added some modifications to consider elements inherited from ItemsControl. [Read More]