The Artima Developer Community

.NET Buzz Forum
ASP.Net 2.0 Roadshow in Dublin

Marcus Mac Innes

Posts: 90
Nickname: macinnesm
Registered: Mar, 2004

Marcus Mac Innes is solutions architect and director of Style Design Systems Ltd
ASP.Net 2.0 Roadshow in Dublin Posted: Mar 7, 2005 10:01 AM

This post originated from an RSS feed registered with .NET Buzz by Marcus Mac Innes.
Original Post: ASP.Net 2.0 Roadshow in Dublin
Feed Title: Marcus Mac Innes' Blog
Feed URL: http://www.styledesign.biz/weblogs/macinnesm/Rss.aspx
Feed Description: Issues relating to .NET, Service Oriented Architecture, SQL Server and other technologies.

Following my talk on Securing ASP.Net Applications at last Friday’s Dublin leg of Microsoft’s ASP.Net 2.0 European Roadshow, there were a couple of requests for the slides and code samples. They can be downloaded from here.

Talking with developers afterwards in the bar, it was really interesting to see how many of them had heard of SQL Injection and XSS attacks but had not actually realised how vulnerable an application and the other applications which share the same database can be. Most had never actually seen how an attack would be carried out.

I demonstrated how security on a web site can be compromised by taking advantage of holes within the application code. These holes can be discovered by using a series of probes which disclose whether or not a vulnerability exists.

The demonstration attacked the site’s Login page to discover vulnerabilities. These were then exploited to bypass the application security altogether. We were then able to take control of the database for this and other applications which share the database, create our own login accounts with administrative privileges and access the site’s customers’ credit card information.

I also demonstrated, using a Cross Site Scripting attack, how the Forms Authentication cookie could be stolen and silently sent to an attacker’s website to be stored for later use. Once the attacker is in possession of this cookie, they would be able to log in to the original web site using someone else’s authentication token.

The key message of the talk was to ensure that all user input is validated before any other processing is done. This, together with strict use of secure coding standards, would have disabled any attacker’s opportunities.

For more information on writing secure code, please feel free to contact me.

And many thanks to Microsoft for asking me to speak at this great event with the ASP.NET team!
