This post originated from an RSS feed registered with .NET Buzz
by David Cumps.
Original Post: Writing Secure ASP.NET Session - Dutch
Feed Title: David Cumps
Feed URL: http://weblogs.asp.net/cumpsd/rss?containerid=12
Feed Description: A Student .Net Blog :p
It has been a long time since I posted something, but here I am again. It's a very busy time right now: some exams, loads of school tasks, some websites, etc.
And also, a talk I had to prepare for class. One that I'm going to share with you.
I'll have to disappoint non-Dutch readers though: the slides are written in Dutch, as it was a local session. You could always look at the code though.
The subject was 'Writing Secure ASP.NET', covering:
Cross-site Scripting
SQL Injection
Hashing passwords
IOPermissions by default
Unsafe DSN (DSN with password included)
The code for the first three demos should be obvious. Regarding IOPermissions, I showed a file browser that could browse through the system in a default ASP.NET installation. And for the Unsafe DSN, I listed system DSNs, or used a demo DSN, showed the tables in it (MySQL only) and executed a query against it.