FUN WITH HTTP HANDLERS Miguel A. Castro [email_address]
Agenda
Identifying The Problem
  • Require the ability to prevent unauthorized downloading of files from your web site.
Common Protection
ASP.NET’s Request Line (brief)
  • Browser makes request (may also be made from within a page): Default.aspx
  • Requested extension is located in registered extensions in IIS: *.aspx, *.asmx, *.ashx, *.html, *.config, etc.
  • Appropriate DLL handles the file: aspnet_isapi.dll (ASP.NET)
  During the Pipeline Processing:
  • Extension is located in <httpHandlers> section of the Config file chain.
  • The proper handler is loaded and request is sent into it for processing.
  • Processing result may be sent to browser (html) or rerouted elsewhere.
Bulletproof Technique (step 1)
IIS6 Registration
IIS7 Registration
  • Note: IIS 7 stores its registrations in the <system.webServer> section of the appropriate config file.
Bulletproof Technique (step 2)
ASHX Files
Bulletproof Technique (step 3)
Other Uses For Handlers
More About Handlers
Summary