Justin Cooney

Web Development Tips and Examples

recent posts

about

I am a Senior Applications Programmer / Analyst with years of experience developing enterprise solutions using the Microsoft technology stack including C#, VB.NET, ASP.NET, AJAX, IIS and SQL Server. I specialize in Web application development with a focus on building secure systems, integrating applications, and designing robust database structures.

  • URL Shortening is a Growing Security Risk

    URL shortening services are ubiquitous nowadays, and I agree that there are many benefits to having a short link rather than a long and sometimes meaningless URL. However the fact that links to potentially dangerous sites can now easily be obfusticated makes URL shortening a very dangerous thing when put into the hands of the wrong people.

    Specifically, the widespread use of URL shortening services means that users can no longer quickly eyeball links to make sure they don’t lead to malware or virus sites. In my opinion this is a major problem that gives writers of online exploits a huge advantage.

    Sites that make heavy use of URL shortening services such as Twitter have tried to institute changes to how shortened links are displayed, but this is easily circumvented by spammers or even accidentally.

    The problem with URL shortening is that it obscures the target address, and so can be used to redirect to an unexpected site which can contain viruses or other exploits. New URL shortening services spring up all the time, including services specifically designed by malware creators. When one of these fly-by-night shortening services is used, then the full destination URL will not be shown in on mouseover of a link. At that point the URL has been successfully hidden. This is a plus for malware creators since they rely on volume and people making careless clicks, so when their malicious links have been obscured they will expect to get more hits by unsuspecting users.

    My question is: do the pros outweigh the cons?

    Kaspersky security reports indicate that the number of browser-based malware attacks have increased exponentially since 2007. To quote numbers from a 2010 Kaspersky article: in 2007, a total of 23,680,646 attacks were recorded against KSN users, however in 2010 it skyrocketed to 580,371,937! From events of 2011 it looks like this year the total attack numbers will make the 2010 numbers look very small by comparison.

    In this article I will alternate usage of shortened URLs that link to Web-based exploits with cloaked URL and poisoned link.

    (more…)

  • showModalDialog Opens a New Window on Submit or location.href

    The ShowModalDialog function has been in use for a long time and is now part of the emerging HTML5 specification. Although there are many pro and con arguments for using using this function, the fact remains that it has been extensively used in past and it continues to serve a useful function under specific conditions.

    The fact that you can have two separately operating HTML forms that interact is important if you are coding more complex behaviors. For simpler behaviors you may want to look into using the jQuery modal dialog (really a floating div) which serves the same purpose. (more…)

  • WebForms Declarative Data Binding using Eval & Bind

    I have been using Visual Studio’s Declarative WebForms programming model lately to quickly create Web-based form interfaces. As part of this process I have been making extensive use of control binding using the Eval() and Bind() statements, and in some cases even the old ASP Response.Write syntax. As part of my review, I will use this article to to go over the pros and cons of using either option.

    As a general rule of thumb, both Eval() and Bind() work similarly for read operations but Bind() offers more functionality when binding controls to a data source for the full spectrum of Read/Write operations.

    (more…)