You searched for security - Page 5 of 6

Remove IIS Server version HTTP Response Header

Windows Server IIS love to tell the world a website runs on IIS. And dito for ASP.NET Framework. But this gives hackers a lot of information, right? Let's remove the IIS Server header and ASP.NET version headers. Security by obscurity as a pro :-)

By Jan Reilink 06/07/2014Windows Server

Web applications

8 Tips to improve Joomla performance

Speed-up Joomla with just a few config settings: 8 Tips to improve Joomla performance. Add caching, gzip compression, set your sessions & optimize MySQL database functions... Provide your visitors with a blazing fast Joomla website!

By Jan Reilink 29/06/2014Web applications

MySQL

Convert MySQL MyISAM tables to InnoDB

Convert MyISAM to InnoDB for better database performance. In the earlier days of MySQL, the default storage engine for your database tables was "MyISAM". InnoDB is the engine to use now, and MyISAM is no longer actively developed. Therefore all MySQL optimizations are for InnoDB, and it's recommended to switch from MyISAM to this InnoDB storage engine for your MySQL database tables. Follow this tutorial on how to convert from MyISAM to InnoDB.

By Jan Reilink 19/06/2014MySQL

Windows Server

How to hide the .php file extension with IIS URL Rewrite Module

How to hide file extensions, such as .php or .asp, with URL Rewrite Module in IIS. This example will hide the .php extension using IIS URL Rewrite Module, in a ready to use web.config & .htaccess example: extension less URLs in IIS.

By Jan Reilink 23/05/2014Windows Server

Web application security

Test SMTP Authentication and StartTLS

Investigate SMTP authentication issues like a boss! Particular over TLS encrypted SMTP connections, it's always handy if you are able to test the SMTP authentication and StartTLS connection. Preferably from your command line. This post shows you how to test SMTP servers, create base64 encoded logon information, verify SMTP authentication over an opportunistic TLS connection, all from the Linux and Windows command line using OpenSSL.

By Jan Reilink 17/05/2014Web application security

Web application security

prettyPhoto DOM based XSS

prettyPhoto DOM based XSS on Saotn.org... This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my WordPress theme. Whoops! So, I had work to do! But, what is prettyPhoto and what exactly is a DOM based XSS?

By Jan Reilink 04/05/2014Web application security

Code base

Validate MIME types with PHP Fileinfo

How to check the file type in PHP and secure file uploads: it is important to validate MIME types in PHP. Especially of files uploaded through an upload form to your website. Using PHP, the best way to validate MIME types is with the PHP extension Fileinfo. Any other method might not be as good or secure as you might think.

By Jan Reilink 27/04/2014Code base

Windows Server

Install Node.js, iisnode module and Ghost on Windows Server / IIS

This post describes the steps necessary to install iisnode, Node.js and Ghost on Windows Server IIS. Ghost is a Node.js web application, specific for just blogging. To run Node.js applications in IIS, you need iisnode as a module. Here is how to install all of this.

By Jan Reilink 22/03/2014Windows Server

WordPress

Block WordPress comment spammers manually

Learn to block WordPress comment spammers manually. The less spammers hit your WordPress blog, the better your blog performs, is one of my opinions. A second is, the less unnecessary plugins you use on your WordPress blog, the better. So, a little while ago I decided to remove plugins like Stop Spammer Registration Plugin and do its work myself. Here is why & how.

By Jan Reilink 30/11/2013WordPress

Windows Server

Fix "Could not establish trust relationship for the SSL/TLS secure channel" error

Today one of our clients received a System.Net.WebException error on a newly deployed ASP.NET web application. Part of the exception was: "System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.". Here is how we resolved that issue.

By Jan Reilink 17/07/2013Windows Server

Windows Server

ASP.NET performance: what to keep in mind

(ASP).NET programmers have to keep certain rules in mind when developing high performance ASP.NET applications, and/or optimizing your existing ASP.NET website. A lot of information is available on this subject. In this post I'll share some valuable posts, and I continue to update this post when I find something new. Posts about ASP.NET performance I frequently pass on to customers so they can improve their ASP.NET web applications.

By Jan Reilink 13/07/2013Windows Server

Code base

Don’t turn off CURLOPT_SSL_VERIFYPEER and fix your PHP configuration

Don't turn off CURLOPT_SSL_VERIFYPEER but fix your PHP configuration to resolve SSL errors in PHP. These errors are often caused by not having an up-to-date bundle of CA root certificates on your system. So please, don't turn off CURLOPT_SSL_VERIFYPEER in your PHP config, but fix the cURL errors by updating cURL's bundle of CA root certificates and your php.ini configuration.

By Jan Reilink 10/06/2013Code base

Code base

How to send authenticated SMTP over a TLS encrypted connection, in PHP, ASP and ASP.NET?

Send outgoing mail over authenticated SMTP using TLS, in PHP, ASP and ASP.NET. Send email securely from your website. Ready to use examples!

By Jan Reilink 15/05/2013Code base

magnifying glass near gray laptop computer

Web application security

Grep for forensic log parsing and analysis on Windows Server IIS

How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis in Windows Server. In this article I'll give some real live examples of using these ported GnuWin tools like grep.exe for logfile analysis on Windows servers. The article provides three example, as an alternative to LogParser, because finding spam scripts fast is often very important.

By Jan Reilink 19/04/2013Web application security

Web application security

Unauthorized Access: Bypassing PHP strcmp()

Unauthorized Access: Bypassing PHP strcmp(). A way to bypass PHP's strcmp() binary safe string comparison function.

By Jan Reilink 08/03/2013Web application security

Search results for: security

Remove IIS Server version HTTP Response Header

8 Tips to improve Joomla performance

Convert MySQL MyISAM tables to InnoDB

How to hide the .php file extension with IIS URL Rewrite Module

Test SMTP Authentication and StartTLS

prettyPhoto DOM based XSS

Validate MIME types with PHP Fileinfo

Install Node.js, iisnode module and Ghost on Windows Server / IIS

Block WordPress comment spammers manually

Fix "Could not establish trust relationship for the SSL/TLS secure channel" error

ASP.NET performance: what to keep in mind

Don’t turn off CURLOPT_SSL_VERIFYPEER and fix your PHP configuration

How to send authenticated SMTP over a TLS encrypted connection, in PHP, ASP and ASP.NET?

Grep for forensic log parsing and analysis on Windows Server IIS

Unauthorized Access: Bypassing PHP strcmp()

Windows Server

Web applications

PowerShell