Error document information and what it indicates.

ODBC Error Code = 37000 (Syntax error or access violation)

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 4: Incorrect syntax near '='.

Data Source = "ECommerceTheArchSupport2" SQL = "SELECT QuickJump_Items.ItemId FROM QuickJump_Items WHERE QuickJump_Items.ItemId <> 0 AND QuickJumpId ="

The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (1:1) to (1:42) in the template file K:\InetPub\clients\login\http\ailment.cfm

The specific sequence of files included or processed is:
K:\INETPUB\CLIENTS\LOGIN\HTTP\AILMENT.CFM

This error message indicates that the target web application if running Microsoft SQL and discloses directory structures.

Read More

How do you use RSA for both authentication and secrecy?

RSA is based upon public key/private key concept.

For authentication one can encrypt the hash (MD5/SHA) of the data with a private key. This is known as digital signature.

And secrecy / confidentiality is achieved by encrypting the data with the public key of the target user.

Generally we dont use RSA for encryption because of key size (1024 bits).
Rather a symmetric session key (128/256 bit) is established between communicating parties and is used for encryption.

Read More

Performance Testing Tools [.NET]

*Network Analysis Tool – application EKG by Leadbyte (http://www.leadbyte.com/)

*ASP.NET Profiling Tool – Ants Profiler by red-gate software (http://www.red-gate.com/)

Built-in Tools – IIS Log, SQL Profiler, SQL QA, Event Viewer, Perfmon/Sysmon, and ASP.NET Trace

Read More

New !! OWASP Mumbai Chapter Activity Site

Hey I have got gr8 thing to share....

I have made a new Site for detailing OWASP Mumbai Chapter Activities.
Please have a look at the site to download the presentations of OWASP Chapter Meetings, Read Meeting Notes, View Meeting Snaps and much more....

Link: http://owasp.mumbai.googlepages.com/

Do send me your response...

~ Dharmesh

Read More