XSS Attack – Cross Site Scripting

Thursday, December 6, 2018

What is XSS? The browser we know today lets us view images, hear sounds, watch videos, browse beautifully designed sites, and more. Most of this was not supported in the past. In the early days, browsers supported text only; they were intended for passing articles around universities, and all the surplus information available today was not needed then... until someone came along who did need it (Tim Berners-Lee). I will not elaborate on this here since that is not the purpose of this post, but thanks to Tim's development, HTML, browsers can now display images, videos, sounds, and more. HTML is made up of tags such as img for images, p for paragraphs, and more. All of these make for very nice but fairly static sites. This is where...

Webhooks

Sunday, January 8, 2017

I needed to read more than one article on webhooks in order to fully understand what webhooks are all about. It shouldn't be! I'm going to try and give here the simplest explanation I can for what webhooks are all about and why you need them. I will also give a small code sample, and last, I will direct you to a good place to try out for yourself to write and use webhooks. Alright, so what are webhooks? Basically they are a simple website URL, which when addressed to it does some job. An easier concept to understand is a...

ASP.NET HTTP Error 404.17 Not Found and HTTP status 405: method not allowed

Wednesday, November 2, 2016

Long time no post. I had a special task these last few days. We have a working application using ASP.NET on .Net framework 2.0 and we were in the process of finishing the test on the new .Net 4.0 version of the application. I was requested for easy landing to set up a side website on the production server so we can test it live. In order to make everything more complex we have in our application a 3rd party HTTP handler which requires the application pool to be in classic mode. So I published the .Net 4.0 website and got our .aspx...

CORS on a Node.js server – send data

Tuesday, April 19, 2016

In the last post I showed you how to open your REST service for everyone to collect data out of it. In this post I will show you how easy it is also to allow external origin to send data to your service. It is as simple as the last post with just one line. The scenario for this requirement is fairly simple, you have a REST service which externalizes CRUD operations for some data. e.g. a book collection where you can add new books, update, remove, etc. If we return to our middleware function, we need to add just one...

CORS on a Node.js server

Monday, April 18, 2016

In the last post I showed you how to start a new REST project with a Node.js server and Express framework. Doing just this will not do all the work needed if you plan to expose the service to other origins or let external users use it. You need to allow CORS just like I did in this post on a .Net REST service. The Express framework gives you a way to allow CORS very easily to your REST service using its middleware abilities. A middleware is just a function (or a set of functions which run one after the...

Start using Node.js with Express framework and MongoDB

Sunday, April 17, 2016

In this post I'll talk about Node.js, what it is and what it is good for. I will also talk about how to use the Express framework to leverage the use of Node.js, and I will demonstrate also the use of MongoDB to give you code samples for a fully working server application. Node.js So what is Node.js? Node.js is a runtime environment built on Google Chrome V8 JavaScript engine. It is used to basically run JavaScript files without the need for a browser as a middleman. That said, we can now do amazing things using the power of JavaScript on...

AngularJS basic concepts and getting started

Sunday, February 21, 2016

Today I will be talking about AngularJS, what it is and what it is good for. I will cover the basics for creating a simple web application with AngularJS and in later posts we will grow together in order to build better and better applications. Before we start building anything, we should go over some basic concepts. What is Angular? AngularJS is an open source web application framework maintained by Google engineers and by the community. It allows the developer to build and maintain S.P.A. (Single Page Applications) easily. It provides the MVC (Model-View-Controller) architecture, thus allowing the application to be...

DependencyInjection the ASP.NET Core 1.0 way

Sunday, February 7, 2016

In the last post about DependencyInjection I demonstrated how to get from NuGet the unity framework and how to use it in our project. In ASP.NET Core 1.0 we have support for DependencyInjection already built in. The built-in mechanism is abstracted via the IServiceProvider interface and is available throughout all components of the ASP.NET framework, making it easy for us to resolve everything everywhere. As always, we have several methods of registering types in the service provider. Instance – The same instance is resolved each time it is called. In this method you have to create the instance once yourself. Transient - The...

Expose and Consume a Web API service

Wednesday, February 3, 2016

When we say we want to build a Web API we have in our mind to build a service that will expose the data in a clean way that every device will be able to address in order to use the data. In this post I will do just that. I have built a service that retrieves some products and together in this post we will build a client that will use this data. I will build the client using Angular framework. Let's get started. Open a new empty web project with no authentication and no need for Azure service at the...

Dependency Injection in ASP.NET Web API

Tuesday, February 2, 2016

This will be a really short post as it is really easy to use the unity framework in an ASP.NET Web API application. The application I will build is an ASP.NET 4.5 Web API application which brings products to the controller using Dependency Injection. Short one on Dependency Injection Dependency Injection is a design pattern that implements IoC (Inversion of Control) for resolving dependencies for your class. Let us say that your controller is using some repository in order to fetch products from the database. You should not create the repository using the new keyword as this will result in coupling...