Browse by Tags: Software Security » ASP.NET
I think it was a good talk - too bad I only got through three tips :) You can download the slides here if you have a Slideshare account, or just send me an email.
I'll be at SoCalCodeCamp this weekend (January 24-25, 2009), attending sessions and hanging out. I'll also be speaking on Sunday, January 25, at 9:00AM in UH 250, giving a presentation entitled "Top Ten Tips for Tenacious Defense in ASP.NET". I like...
Barry Dorrans created a filter for CSRF protection in ASP.NET. It's inspired by the ASP.NET MVC CSRF token approach. It's a simple and effective protection mechanism when you can't use the ViewStateUserKey because you've disabled ViewState. It doesn't...
ViewStateUserKey is not a completely effective mitigation against Cross-Site Request Forgery. It doesn't work for non post-backs (i.e. GET requests), and it doesn't work if the ViewState MAC is turned off. In several different places, we see a piece...
Recently I developed a lab for our Writing Secure Code – ASP.NET training course where students modify Hacme Bank to run in Partial Trust rather than Full Trust. A lot has been written about Partial Trust. It's not going to solve every security problem...