Secure Coding mailing list archives
Microsoft DevDays 2004 Web Development Track: Focus on Security
From: "Anil John" <Editor () SecureCoder com>
Date: Mon, 23 Feb 2004 15:20:09 +0000
Greetings,

Don't know if this has been mentioned here before, but the Microsoft DevDays 2004 [Web Development Track] is focused on Building Secure Web Applications with ASP.NET. Here is the agenda:

Session 1: Overview - ASP.NET Web Application Security Fundamentals

This session focuses on the fundamentals of Web application security, with an emphasis on Internet Information Services (IIS) and ASP.NET. Attend this session to better understand the security infrastructure built into IIS and ASP.NET and how these two technologies work together to provide a secure platform for Web applications. Topics include IIS security, the ASP.NET worker process, and authentication and authorization models.

Session 2: Threats and Threat Modeling - Understanding Web Application Threats and Vulnerabilities

The best way to understand how attacks against Web sites work is to see them demonstrated live and in person. This demo-laden session focuses on understanding threat modeling and the common threats that all Web applications face. Topics include types of attacks; demos of common attacks such as SQL injection, cross-site scripting, and input-tampering attacks; and identifying vulnerabilities using threat modeling techniques.

Session 3: Defenses and Countermeasures - Secure Your ASP.NET Applications from Hackers

This session builds on the previous session by presenting countermeasures for the threats outlined there. Topics include input validation; best practices when working with Microsoft SQL Server™, including the use of parameterized commands, stored procedures, accounts with limited privileges, Microsoft Windows® authentication versus SQL Server logins, and secure storage of connection strings; HTML-encoding of user input; vulnerabilities specific to ASP.NET forms authentication and forms authentication cookies; use of encrypted view state rather than hidden fields to maintain state between requests; storage of password hashes rather than passwords for added security; and more.

Session 4: Developing Secure Web Applications - Examining an End-To-End, Hack-Resilient Application

This session features a walk-through of a full-scale ASP.NET application that implements many of the countermeasures and best practices outlined in the previous session.

More information on DevDays, including venues and registration information, can be found @ http://msdn.microsoft.com/events/devdays/

Thanks..

- Anil