They aren't kidding about that 'enable exceptions' thing
In the default templates for WinJS Windows 8 applications, there are two lines that are easy to ignore: // Uncomment the following line to enable first chance exceptions. //...
Direct Object References
I have to use the Open Graph API from Facebook on my current project, and I found a real life example of the Direct Object Reference flaw I discuss in my Pentesting ASP.NET talk. The Direct Object...
Win8 Metro Style navigation
WARNING! This is based on Developer Preview, and much has changed. Navigation in Metro is a little fuzzy right now. Fortunately Visual Studio has a navigation template. If you click File.NewProject, and...
Upcoming talks
I'm speaking at the Louisville .NET Developer's group about ASP.NET MVC pen testing and the OWASP Top 10 on Thursday June 21. I'm also scheduled to speak at That Conference, a developer summer camp in...
Updating your Windows 8 HTML 5 Metro project to RC
In updating my Metro app to Windows 8 RC, I only ran into one incompatibility - Microsoft revved WinJS (as they should!). The error I got was: Error 1 Could not find SDK "Microsoft.WinJS, Version=0.6"....
Treating users right
This is an excerpt from the upcoming book Programming Windows 8 with HTML5 for Dummies.
----------------------------------------
Metro apps are different. As I mentioned in This Is Not .NET, Metro apps...
Animating Windows
This is an excerpt from the upcoming book Programming Windows 8 with HTML5 for Dummies.
-----------------------------------------
The component animation that is inherent to HTML5 and even JQuery is not...
Doing security analysis on Windows 8 Metro Apps with Zed Attack Proxy
This is the first in a series of articles about attacking Windows 8 applications using Zed Attack Proxy, or ZAP. Windows 8 is the new version of the venerable Windows operating system from Microsoft....
Don't put secrets in the URL Querystring
I am working on an app for Facebook right now, and I came across this gem: "Note that because this request uses your app secret, it must never be made in client-side code or in an app binary that could...