Hack Proofing Your Microsoft ASP.NET Web Forms and MVC Applications

The Discussion

• 

  A great speaker! I enjoyed the session and I learned a lot. This session is a must for every developer!

• 

  Amazing learning session, Adam is clearly a leader in the field. As a victim of a site hacking, I wish I knew this information a long time ago!!

• 

  Excellent presentation!

• 

  The best explanation of SQL injection, XSS, and CSRF attacks, and how to prevent them, that I have seen.

  I have some work to do, to implement these suggestions.  Hopefully, I can convince my co-workers to do the same.

• 

  Nice!!!!!!

• 

  Excellent Presentation!   Good Work, Adam.  I learn something new every time I hear you speak.

• 

  Oustanding presentation! Adam's security presentations should be required watching for any developer releasing Internet-facing applications.

• 

  Awesome. Thanks Adam. This should be watched by every developer.

• 

  A must watch !!

  Tool to incl  : FireBug and HTTP Analyzer

• 

  Adam's presentation was excellent. Everything was presented in a clear and easy to understand manner, and he obviously is an expert on the subject matter. I learned more from this session than any other session at tech ed.

• 

  Adam,
  Great presentation. Very impressed
  Les Garner

• 

  Clearly Adam is very knowledgable in this topic and his presentation and examples of the topic are second to none!
  
  Excellent job!

• 

  This is not easy material to cover, but Adam demonstrated that he knows it cold. It was refreshing to have such difficult content explained so clearly. Well done, and thank you.

• 

  Awesome presentation! Easy to understand, great demos, light humor, very well done. Thanks Adam.

• 

  Very useful and timely presentation,

  Thank you Adam

• 

  Great Presentation, easy to understand

• 

  Great Video .. love to watch again n again ..
  The way adam presented was really awesome ..
  Thanks adam ..
  

• 

  Where to get information about session highjacking as really want to understand how to prevent asp.net websites from that without SSL putting there and without IP as most users has problem that often change IP's, is it any information to find?

• 

  A simple hash-collision attack will bring any ASP.NET site to its knees. I suspect he didn't want to cover this because it is too easy to do, hence scary to demonstrate how to do it.

• 

  James, this attack isn't limited to asp.net, was formally announced in december (long after this ran) and isn't up to the developer to write into their applications for a general hack proofing tactics. It's up to Microsoft to fix this or provide a workaround (they did), as such doesn't fit into the scheme (or time unfortunately) here. I go into greater details on several subjects in my pluralsight hack proofing series and briefly DoS, but again, not that attack specifically as this is already protected against. Since this is a DoS attack, and there are nearly infinite ways to exploit DoS attacks, again, its not fitting for the content constraints here.
  

• 

  fyi, for more in depth info than I could provide here please check out my pluralsight series on this at:
  http://www.pluralsight-training.net/microsoft/Courses/TableOfContents?courseName=hack-proofing-dotnet-app