Securing ASP.NET Web Applications

By: Lino Tadros

Abstract: This session presents countermeasures to defend against common threats to ASP.NET web applications. Topics include input validation; best practices when working with Microsoft SQL Server, including the use of parameterized commands, stored procedures, accounts with limited privileges, Microsoft Windows authentication versus SQL Server logins, and secure storage of connection strings; HTML-encoding of user input; vulnerabilities specific to ASP.NET forms authentication and forms authentication cookies; use of encrypted view state rather than hidden fields to maintain state between requests; storage of password hashes rather than passwords for added security; and more.
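Three of the countermeasures listed above (parameterized commands, HTML-encoding of user-supplied text, and storing salted password hashes instead of passwords) can be shown together in one short login helper. The code below is an added illustration and is not material from the session or from the speaker; it assumes a hypothetical `Users` table with `UserName`, `PasswordHash` and `Salt` columns, and a connection string that the caller has already read from a protected configuration source such as the `connectionStrings` section of web.config rather than a hard-coded literal.

```csharp
// Added example, not from the session. Demonstrates a parameterized SqlCommand,
// salted password hashing with a key-derivation function, and HTML-encoding of
// user-supplied text before it is written back into a page.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web;

public static class LoginHelper
{
    // Hypothetical schema assumed by this example:
    //   Users(UserName NVARCHAR(64), PasswordHash VARBINARY(32), Salt VARBINARY(16))

    // Verifies a user's password. The user name is passed as a typed parameter,
    // so SQL Server receives it as data and never as part of the statement text.
    // Compare with the string-concatenation form the session warns against:
    //   "SELECT ... WHERE UserName = '" + userName + "'"
    public static bool VerifyCredentials(string connectionString, string userName, string password)
    {
        const string sql = "SELECT PasswordHash, Salt FROM Users WHERE UserName = @UserName";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and length: the value is bound, not spliced into the SQL.
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 64).Value = userName;
            conn.Open();

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return false; // unknown user
                }
                byte[] storedHash = (byte[])reader["PasswordHash"];
                byte[] salt = (byte[])reader["Salt"];
                byte[] computed = HashPassword(password, salt);
                return FixedTimeEquals(storedHash, computed);
            }
        }
    }

    // Derives a 32-byte hash from the password and a per-user salt (PBKDF2, 100,000 rounds).
    // Only this value and the salt are stored; the password itself never is.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
        {
            return kdf.GetBytes(32);
        }
    }

    // Creates a fresh random salt for a new account.
    public static byte[] NewSalt()
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        return salt;
    }

    // Constant-time comparison so a mismatch does not leak how many leading bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    // Any user-supplied text echoed into HTML (for example a "Welcome, <name>" banner)
    // is encoded first so that it is rendered as text rather than parsed as markup.
    public static string WelcomeMarkup(string userName)
    {
        return "<p>Welcome, " + HttpUtility.HtmlEncode(userName) + "</p>";
    }
}
```

When creating an account, call `NewSalt()` once, store the salt alongside `HashPassword(password, salt)`, and never the password. The connection string passed to `VerifyCredentials` should come from a protected configuration source (for example `ConfigurationManager.ConnectionStrings["Users"].ConnectionString` with the section encrypted) and should name a SQL login or Windows account that holds only the rights this query needs.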

Alain "Lino" Tadros is president and CEO of Falafel Software, Inc., a software development consultancy, and a former software engineer in the Borland Delphi and C++ language groups. Lino is recognized internationally for his expertise in the areas of .NET, COM, XML, SOAP and Internet development and has published a multitude of articles and technically reviewed five books on software development. He is a Borland Certified Developer and Trainer on Delphi, C++Builder, Kylix, and JBuilder and was honored by Borland with the prestigious "Trainer of the Year" award at the 2002 Borland Conference. Lino sits on the Boards of Directors of five Silicon Valley technology companies. He was also the recipient of the MVP 2004 award from Microsoft for his many contributions to the C# communities worldwide.

lino@falafel.com
