A few words about mobile apps

by Dmitry Kirsanov 30. April 2019 11:28

Recently I analysed logs of some of my mobile apps, mostly enterprise with backend web services. And some thoughts that result from it are well worth sharing. That mainly concerns architects and developers of corporate apps, rather than game or standalone apps – network-related problems are harder to solve, as you don’t control the environment.


New Side Project - Currency Label

by Dmitry Kirsanov 28. January 2014 22:15

Spent 40 minutes of my life on a new control for ASP.NET - the Currency Label. It allows you to add currency conversion painlessly, just like a normal label. Actually, it is a normal label, just extended.

Currently it's in beta, but passed all tests so far, so you're welcome to try it on your website.

https://kirsanov.net/page/Currency-Label-control-for-ASPNET-Web-Forms.aspx

Introduction to PowerShell - part 4 - Security

by Dmitry Kirsanov 22. March 2012 17:42

One of the qualities of PowerShell, one of the scales by which to mark its success, was security. It is also the first question asked when someone new to PowerShell tries to run a PowerShell script.

The previous generations of scripting environments, like the Windows Scripting Host with its notorious VBS files sent automatically over e-mail by all sorts of worms and trojans, cried out for better security, and not only in terms of getting over the problems, but also in terms of applying the newest standards and technologies.

So this video training article is about security in Windows PowerShell.

Introduction to PowerShell - part 3 - Variable Scopes and Arrays

by Dmitry Kirsanov 19. March 2012 02:35

I’m continuing the series about PowerShell for System Administrators, and in this chapter we are talking about how PowerShell handles variables and the data stored in them, the life and times of variables, ending with how to handle arrays.

Introduction to PowerShell - part 2 - Pipeline, Scripts and Syntax

by Dmitry Kirsanov 25. January 2012 01:30

All of a sudden I decided to spend one hour of this evening to make the second part of the PowerShell introduction for Windows system administrators. I just noticed that the previous part was made in… November, and having quite a few requests to continue, I just couldn’t resist! So, this is pure improvisation, although I tried to make it as smooth as possible.

This time we’ll dig further into what system administrators do most – working with large arrays of data, such as files and ACL lists, and finding objects by special parameters. You will learn about variables in PowerShell and how you can effectively use them.

URL Rewriting and Routing in ASP.NET 4

by Dmitry Kirsanov 9. December 2011 13:37

How to make the URL of your page look more user-friendly or just make it self-explanatory? And anyway – look different from what it really is? In ASP.NET version 4 it’s easier than ever.

Why would we need that feature anyway?

It’s been quite a popular trend in web development since the very beginning of the dynamic Web – first, we didn’t want anyone to see the extension of our files, as this posed a security risk. Anyone who could see that our page is actually an ASP page would understand that you have Internet Information Server, which was considered “dangerous” at that time – not even because it was too bad, but because Windows NT 4 Server was user-friendly enough that people wouldn’t need to be an MCSE in order to install and run a web server. It wasn’t hard for Linux either, but Apache didn’t offer any dynamic content out of the box.

Introduction to scripting for systems administrators - Windows Scripting Host, part 1

by Dmitry Kirsanov 20. November 2011 00:42

Some time ago, which seems like yesterday, I made an attempt to introduce Windows Systems Administrators to PowerShell. Even before doing that, I realized that professional Windows scripting is still impossible without the use of VBScript, or Visual Basic Scripting Edition. And teaching someone PowerShell without at least showing the main concepts of VBScript is not right.

While I am trying to show the work with VBScript from a more practical point of view, I am also not trying to substitute for a training course on the subject, so if VBScript or Windows Scripting in general is about to become your main responsibility at your company, please get yourself a reference on it, preferably something as good as the VBScript bible.

However, we’ll get closer to VBScript during later sessions and cover even such exotic topics as using VBScript custom actions in Microsoft Installer packages (MSI).

Introduction to scripting for Systems Administrators - PowerShell

by Dmitry Kirsanov 19. November 2011 13:28

There was a time when IT specialists were mainly either systems administrators or developers. There was a time when being a Database Administrator would also mean having perfect knowledge of SQL. The new generation of IT specialists doesn’t remember that time, and that is only because technology has evolved so greatly that it is considerably harder to possess the whole range of features offered by a monster product such as SQL Server 2008.

But this post is not about databases at all. It’s about how we can manage the growing complexities of the enormous range of technologies that we have to use in business.

Security through obscurity

by Dmitry Kirsanov 8. November 2011 11:46

A rather short note for pen-testers.

Sometimes you have software which contacts some web services – especially interesting when it’s about transferring files.

Sometimes software packages, especially custom ones made for a small number of customers, may have web services open for consumption by that software.

Pay attention to it. Sometimes there are exposed functions which could be exploited in a way that developers were not able to imagine.

For example, during my most recent pen-test, I was able to put, delete and execute files on the server using only functions of the exposed web service. Needless to say, I wouldn’t need any hacking tools or social engineering to penetrate the networks of their customers as well.

This topic is rather omitted in CEH and similar courses, but with some base knowledge of programming you could kill the whole family of rabbits with one shot.

Also, as a side note about pen-testing: I noticed that even when you’re using the simplest technique, a “no-brainer” one, the customer will call you a “hacker” or a “genius” just to not call their developer or system administrator an idiot.

Team Foundation Server 2010 Test Manager Lab 4 - Test Runs

by Dmitry Kirsanov 31. October 2011 21:01

So far we’ve seen a lot of unusual and amazing things in Team Foundation Server 2010, more specifically – in Visual Studio 2010 Test Professional. However, one of the most ground-breaking features of TFS and Visual Studio Test Professional is its ability to run automated tests.

By automation we understand performing complex tasks and verifying the results of users’ interaction with your application, as you can see in this example.

Enjoy the 4th lab of Team Foundation Server 2010’s Test Manager, and now it’s about Test Runs.

As always, make sure you watch it in Full Screen HD!

Previous lab is available here.