Writing Secure ASP.NET Session - Dutch

It has been a long time since I posted something, but here I am again. It's a very busy time right now, some exams, loads of school tasks, some websites, etc..

And also, a talk I had to prepare for class. One that I'm going to share with you.

I'll have to disappoint non-Dutch readers though, the slides are written in Dutch, as it was a local session. You could always look at the code though.

The subject was 'Writing Secure ASP.NET'. Covering :

  • Cross-site Scripting
  • SQL Injection
  • Hashing passwords
  • IOPermissions by default
  • Unsafe DSN (DSN with password included)

The first three demo's code should be obvious. Regarding IOPermissions I showed a file browser that could browse trough the system in default ASP.NET installation. And for the Unsafe DSN, I listed system DSNs, or used a demo DSN, showed the tables in it (MySQL only) and executed a query against it.

You can find all files here: SecureASPNET.ppt (227k) and Demo.zip (205k).