Hack Proofing Your Microsoft ASP.NET Web Forms and MVC Applications

Description

Security is an afterthought with most developers. A common problem is that most web applications can be easily hacked. This presentation explores the most common attacks on web applications, how they work to exploit your app, and most importantly, how to protect against them. Techniques such as Cross Site Scripting, SQL Injection, Session Hijacking, and Cross Site Request Forgery will be covered. ASP.NET Web Forms and ASP.NET Model-View-Controller (MVC) will be covered, as both have pros and cons that will be explored. We will start with a 'broken' application and secure it throughout the presentation. Learn about the various tools, techniques, and libraries to help protect your applications!
For more information, check out this course on Microsoft Virtual Academy:

Day: 4

Code: DEV333

The Discussion

  • Nia Samir

    A great speaker! I enjoyed the session and I learned a lot. This session is a must for every developer!

  • Sashi Miso

    Amazing learning session, Adam is clearly a leader in the field. As a victim of a site hacking, I wish I knew this information a long time ago!!

  • Tim Yocum

    Excellent presentation!

  • jthompkins

    The best explanation of SQL injection, XSS, and CSRF attacks, and how to prevent them, that I have seen.

    I have some work to do, to implement these suggestions.  Hopefully, I can convince my co-workers to do the same.

  • analog

    Nice!!!!!!

  • jjhalko

    Excellent Presentation! Good Work, Adam. I learn something new every time I hear you speak.

  • Scott Abbott

    Outstanding presentation! Adam's security presentations should be required watching for any developer releasing Internet-facing applications.

  • Michael_Baden

    Awesome. Thanks Adam. This should be watched by every developer.

  • VamsiKrishna

    A must watch!!

    Tool to incl: FireBug and HTTP Analyzer

  • Jeff Eynon

    Adam's presentation was excellent. Everything was presented in a clear and easy to understand manner, and he obviously is an expert on the subject matter. I learned more from this session than any other session at tech ed.

  • Les Garner

    Adam,
    Great presentation. Very impressed.
    Les Garner

  • Lance Spence

    Clearly Adam is very knowledgeable in this topic and his presentation and examples of the topic are second to none!

    Excellent job!

  • onyx03

    This is not easy material to cover, but Adam demonstrated that he knows it cold. It was refreshing to have such difficult content explained so clearly. Well done, and thank you.

  • Alex

    Awesome presentation! Easy to understand, great demos, light humor, very well done. Thanks Adam.

  • tormenta

    Very useful and timely presentation,

    Thank you Adam

  • SURESH

    Great Presentation, easy to understand

  • Manikantan

    Great video.. love to watch again and again..
    The way Adam presented was really awesome..
    Thanks Adam..

  • Demo

    Where can I get information about session hijacking? I really want to understand how to protect ASP.NET websites from it without putting SSL there and without IP, as most users have the problem that they often change IPs. Is there any information to find?

  • James Dunne

    A simple hash-collision attack will bring any ASP.NET site to its knees. I suspect he didn't want to cover this because it is too easy to do, hence scary to demonstrate how to do it.

  • Adam

    James, this attack isn't limited to ASP.NET, was formally announced in December (long after this ran), and isn't up to the developer to write into their applications for general hack proofing tactics. It's up to Microsoft to fix this or provide a workaround (they did); as such, it doesn't fit into the scheme (or time, unfortunately) here. I go into greater detail on several subjects in my Pluralsight hack proofing series, and briefly DoS, but again, not that attack specifically, as this is already protected against. Since this is a DoS attack, and there are nearly infinite ways to exploit DoS attacks, again, it's not fitting for the content constraints here.

  • Adam

    FYI, for more in-depth info than I could provide here, please check out my Pluralsight series on this at:
    http://www.pluralsight-training.net/microsoft/Courses/TableOfContents?courseName=hack-proofing-dotnet-app
