Secure Coding mailing list archives

Microsoft DevDays 2004 Web Development Track: Focus on Security


From: "Anil John" <Editor () SecureCoder com>
Date: Mon, 23 Feb 2004 15:20:09 +0000

Greetings,

Don't know if this has been mentioned here before, but the Microsoft DevDays
2004 [Web Development Track] is focused on Building Secure Web Applications
with ASP.NET.

Here is the agenda:

Session 1: Overview - ASP.NET Web Application Security Fundamentals

This session focuses on the fundamentals of Web application security, with
an emphasis on Internet Information Services (IIS) and ASP.NET. Attend this
session to better understand the security infrastructure built into IIS and
ASP.NET and how these two technologies work together to provide a secure
platform for Web applications. Topics include IIS security, the ASP.NET
worker process, and authentication and authorization models. 

Session 2: Threats and Threat Modeling - Understanding Web Application
Threats and Vulnerabilities

The best way to understand how attacks against Web sites work is to see them
demonstrated live and in person. This demo-laden session focuses on
understanding threat modeling and the common threats that all Web
applications face. Topics include types of attacks; demos of common attacks
such as SQL injection, cross-site scripting, and input-tampering attacks;
and identifying vulnerabilities using threat modeling techniques. 

Session 3: Defenses and Countermeasures - Secure Your ASP.NET Applications
from Hackers

This session builds on the previous session by presenting countermeasures
for the threats outlined there. Topics include input validation; best
practices when working with Microsoft SQL Server™, including the use of
parameterized commands, stored procedures, accounts with limited privileges,
Microsoft Windows® authentication versus SQL Server logins, and secure
storage of connection strings; HTML-encoding of user input; vulnerabilities
specific to ASP.NET forms authentication and forms authentication cookies;
use of encrypted view state rather than hidden fields to maintain state
between requests; storage of password hashes rather than passwords for added
security; and more. 

Session 4: Developing Secure Web Applications - Examining an End-To-End,
Hack-Resilient Application

This session features a walk-through of a full-scale ASP.NET application
that implements many of the countermeasures and best practices outlined in
the previous session. 

More information on DevDays, including venues and registration information,
can be found @ http://msdn.microsoft.com/events/devdays/

Thanks..

- Anil








