Hack Proofing Your Microsoft ASP.NET Web Forms and MVC Applications



Security is an afterthought with most developers. A common problem is that most web applications can be easily hacked. This presentation explores the most common attacks on web applications, how they work to exploit your app, and most importantly, how to protect against them. Techniques such as Cross Site Scripting, SQL Injection, Session Hijacking, and Cross Site Request Forgery will be covered. ASP.NET Web Forms and ASP.NET Model-View-Controller (MVC) will be covered, as both have pros and cons that will be explored. We will start with a 'broken' application and secure it throughout the presentation. Learn about the various tools, techniques, and libraries to help protect your applications!
For more information, check out this course on Microsoft Virtual Academy:








    The Discussion

    • Nia Samir

      A great speaker! I enjoyed the session and I learned a lot. This session is a must for every developer!

    • Sashi Miso

      Amazing learning session, Adam is clearly a leader in the field. As a victim of a site hacking, I wish I knew this information a long time ago!!

    • Tim Yocum

      Excellent presentation!

    •

      The best explanation of SQL injection, XSS, and CSRF attacks, and how to prevent them, that I have seen.

      I have some work to do, to implement these suggestions.  Hopefully, I can convince my co-workers to do the same.

    •

      Excellent Presentation!   Good Work, Adam.  I learn something new every time I hear you speak.

    • Scott Abbott

      Outstanding presentation! Adam's security presentations should be required watching for any developer releasing Internet-facing applications.

    •
      Awesome. Thanks Adam. This should be watched by every developer.
    •

      A must watch !!

      Tool to incl  : FireBug and HTTP Analyzer

    • Jeff Eynon

      Adam's presentation was excellent. Everything was presented in a clear and easy to understand manner, and he obviously is an expert on the subject matter. I learned more from this session than any other session at Tech Ed.

    • Les Garner

      Great presentation. Very impressed
      Les Garner

    • Lance Spence

      Clearly Adam is very knowledgeable in this topic and his presentation and examples of the topic are second to none!

      Excellent job!

    •

      This is not easy material to cover, but Adam demonstrated that he knows it cold. It was refreshing to have such difficult content explained so clearly. Well done, and thank you.

    •

      Awesome presentation! Easy to understand, great demos, light humor, very well done. Thanks Adam.

    •

      Very useful and timely presentation,

      Thank you Adam

    •

      Great Presentation, easy to understand

    •

      Great video .. love to watch again n again ..
      The way Adam presented was really awesome ..
      Thanks Adam ..

    •

      Where can I get information about session hijacking? I really want to understand how to protect ASP.NET websites from it without putting SSL there and without IP, as most users have the problem that they often change IPs. Is there any information to find?

    • James Dunne

      A simple hash-collision attack will bring any ASP.NET site to its knees. I suspect he didn't want to cover this because it is too easy to do, hence scary to demonstrate how to do it.

    •

      James, this attack isn't limited to ASP.NET, was formally announced in December (long after this ran) and isn't up to the developer to write into their applications for general hack proofing tactics. It's up to Microsoft to fix this or provide a workaround (they did), and as such it doesn't fit into the scheme (or time unfortunately) here. I go into greater detail on several subjects in my Pluralsight hack proofing series and briefly DoS, but again, not that attack specifically as this is already protected against. Since this is a DoS attack, and there are nearly infinite ways to exploit DoS attacks, again, it's not fitting for the content constraints here.

    •

      FYI, for more in-depth info than I could provide here please check out my Pluralsight series on this at:
