Preparing An ASP.Net Website For Penetration Testing?
Nov 8, 2010
Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the results return relate to the default behaviour of ASP .Net such as possible cross site scripting attacks etc.Are there any good articles on which vulnerabilities exist by default in an ASP .Net application and secondly are there any good checklists to follow which will help prepare a site in advance?
i am finished writing the main part of my website and would now like to write the iphone version. is there a way to debug my site using the built in debugger in visual studio? i have only been able to access it on the computer it is running on.
I have an intranet site which is randomly timing out on pages. I have 5 similar sites and none of them have this problem. I'd like to test out what is causing it to time out, but it's an intranet site so many web testers can't reach it.
I've made a simple website in ASP.NET MVC Framework with users, articles etc., and images to users profiles. There is a simple static class for image manipulation (resizing, cropping and saving images on hard drive), placed in "Helper" directory. I wonder what to do with the code to preserve MVC principles and make whole website more unit testing friendly.
I want to create a unit testing project for my existing websiet which is written in VB. When I try to add a unit testing , no place I can select c#. It always create in VB. How can i add a c# unit testing project for it?
Recently for a class to implement unit test for one of its private methods I used PrivateObject by creating private accessor instead of refelection, to which i received a code review comment as below
"My main concern with Private Object is the use of object[] in constructor. It replaces strong typing enforced by compiler with JavaScript-style run-time error detection.Consequently , personally, I would not recommend it."
Comments above confused me beacuse as per my understanding reflection also needs the object[] to invoke any method.
I've got a really good idea for a service I'd like to create for the web, but since I'm new to ASP.NET I'd like to get everything up and running before I go and buy hosting etc.
What I'm curious about is the database side of things.
I don't quite understand how I can create a datebase on my computer for the sake of testing and practicing (Presumably through mssql server) and then just transfer it to a hosting account when I'm ready.
I guess the main part I don't understand is how can I connect to a database on my computer via my application and then change the connection so that it points to the web version when I'm ready.
I know that when you create the database and include it in your project it's not technically inside your project (Right?), but it just seems that the application is very rigid once you've specified the connection.
It's been so long since I've done this that I don't remember how.
Basically, I am creating a Web Application from scratch. I have dragged the LoginBox to the page and went to "Administer Website". Unfortunatel I see no where where I can choose to have the application talk to an externally-hosted database as opposed to defaulting to the "App_Data" folder. I am hosting an SQL instance named "SQLEPXRESS" on my development machine and have configured a database and user. I wish for the site to use this database and user and have set the connectionstring as follows in the web.config:
Yet even after adding that I see it showing no where in the "Administer Website" section. Please walk me through getting my application to talk to this database and configuring the necessary tables. I remember there needing to be some sort of exe I needed to run to do this, but my Google and forum searching is failing me.
am working as a web developer in a company. I am not aware of anything related to testing. Our company is planning to buy some testing softwares. Presently we are working on ASP.NET. We will be working on PHP and JAVA in future. I need your help to find out the best but cost effective testing sofwares.on TFS and Visual Studio Testing tool.
have been working on a leave module and it created this problem. I am trying to identify the end date from a given start date after deducting the public holidays including Fridays & Saturdays. It works like this,Suppose, the starting date is '22-Jun-2010' and the No of days employee wishes to take for leave is 25 days. I wanted to calculate the end date excluding the public holidays (Fridays and Saturdays).For ExampleLeave Requested - Start Date = '22/06/2010'No of days requested = 25 DaysPublic Holiday (National Day) = '26/07/2010'Public Holiday (On the occasion) = '27/07/2010'Output: Leave Start Date: '22/06/2010' Leave End Date: 28/06/2010'(End Date must be calculated without including the Fridays and Saturdaysor any given Public Holiday[National Day &On the occasion] - )
I'm currently building a .net web application that uses WCF web services to allow a Flex front end to access the database.
I'm in the process of setting up some unit/integration style testing on the web services and am trying to work out the best way to allow the tests to access and modify data in a separate test database.
Currently, the connection string in my unit test project points to my testing database, and the connection string in my web services project points to my development database. However, as I am using Linq it appears that when I call the web service methods from my test class, it uses the development database connection string. I have looked into creating mock objects or in-memory database but I believe the same issue would occur.
Is there a way to get this to work, or is my entire idea about what I want incorrect, in which case is there a better way to set this up?
I'm trying create unit testing for an existing website project (not web application project). I cannot access my under test classes unless I use accessor. However, if I use accessor, I have problem to initiate an object with passing arguments. I only want to create unit tetsing for App_Code. After searching web, and I found that I'd better to create a web application project using my current existing website project. From solution explorer, add new project ->using existing website. My questions is: what impact will have for my current website to create the new project? Should I just convert my current website to web application? If do that, will it cuase problems on my website? I am new on asp.net, still learning..
I was not able to do unit testing for our existing web site project. I converted the web site project to a web application project. I did some unit testing and changes on the converted web application project. However, my co-worker was doing UI testing on the web site project. We need put UI testing and unit testing to the web application project. Is it possible to move the UI testing code that my co-worker did to the web application project I am working? If so, how do you do it?
I have been looking at the unit testing topic and honestly I have never yet seen it in a live application.
Im a little foggy on the subject.... A simple example is if I am populating a listbox with data, I would know through debugging if the data is being populated and if it wasnt it would probably be easy to figure out why. Futhermore I couldnt possibly put it in production if it wasnt work so, why would I need to do a unit test? I dont see the point of it.
I'm using the Moq framework to do my unit testing. I'm following some really useful instructions outlined here to mock the httpcontext, specifically for the purposes of testing the url referrer:[URL]
Everything seems to compile fine, however when running the test I get the following error:
System.Web.HttpException: Invalid use of SimpleWorkerRequest constructor. Application path cannot be overridden in this context. Please use SimpleWorkerRequest constructor that does not override the application path..
When analyzing I find the error seems to be thrown at the following line:
var wr = new SimpleWorkerRequest("", "", "", "", writer); I'm not sure what to make of this. What is the SimpleWorkerRequest and how does it work in creating the HttpContext in Moq?? Why is my use of it invalid according to the debugger??
UPDATE: Here is the complete method I use taken from the website above
public static HttpContextBase FakeHttpContext() { var httpContext = new Mock<HttpContextBase>(); var request = new Mock<HttpRequestBase>(); var response = new Mock<HttpResponseBase>(); var session = new Mock<HttpSessionStateBase>(); var server = new Mock<HttpServerUtilityBase>(); var cookies = new HttpCookieCollection(); httpContext.Setup(x => x.Server).Returns(server.Object); httpContext.Setup(x => x.Session).Returns(session.Object); httpContext.Setup(x => x.Request).Returns(request.Object); httpContext.Setup(x => x.Response).Returns(response.Object); response.Setup(x => x.Cookies).Returns(cookies); httpContext.SetupGet(x => x.Request.Url).Returns(new Uri("http://www.csuci.edu")); httpContext.SetupGet(x => x.Request.UrlReferrer).Returns(new Uri("http://www.csuci.edu")); //var writer = new StringWriter(); //var wr = new SimpleWorkerRequest("", "", "", "", writer); //HttpContext.Current = new HttpContext(wr); return httpContext.Object; }
I commented out the problem lines, that seemed to fix it, but I'm still not sure what those lines were supposed to do and why they were causing error.
I know red-gate's ANTS Performance Profiler but it works with source code. I have an ASP.NET web application that is deployed on a remote server. I'm going to test its performance while it is working on the server.
My main goal is to detect what method of what class is slow and then is a bottleneck. Is there a way or a tool?
I use visual studio 2005 and now my team wants me to try my hand at some testing frameworks for asp.net websites.I'm completely new to testing. I want to know what kind of automated testing can I do.Can I test my business logic,Can I test my UI.I just started using NUnit and I am getting a hang of it. For Web UI testing I've tried Nunit asp.Somewhere I found about Selenium, which of this is better.Also is there an add-in to test Javascript code with NUnit.Is there an better alternative to NUnit.
I created a new ASP.NET MVC application and the accompanying unit tests that can be generated automatically. I created a new Controller method and tried to wire up a test. The test failed, and I tried to step through the test code to find out the state of certain variables. The breakpoint showed as being set, but it never was hit.
I did a Google search on this, and there are many other people wondering the same thing - why doesn't this work? The answers have been sketchy at best. The most proliferant seems to be that the unit tests are run in the production configuration instead of the debug configuration, and so several steps are required to get breakpoints to work. Seriously? This is something I would expect to be enabled by default. What good is test code you can't step through? Why create a set of unit tests that require you to jump through several hoops to get this very basic feature running? NUnit (and I suppose others) don't have this issue.
how to get the breakpoints to work were completely different than all the others, and I'd like to know if anyone has an idea of how to enable debugging of the unit tests that are included in Visual Studio 2008.
I would like to have information on the available unit testing frameworks in .NET realm. Especially the ones which are suitable for ASP.NET (C# .NET 3.5).
I've been investigating a few of them.What I have found so far that seems usable.
Windmill Selenium Watin
Windmill looks like it has the basics (still not sure if I can write C# unit tests with it)Watin seems awesome with Unit tests..of the 3, it looks like Selenium is trying to be the most fully featured af the 3 (most recent version is today!)
