Tuesday, February 03, 2004 - Posts

[Jim Blizzard] Breasts and code access security...

Jim Blizzard equates Janet Jackson's right breast to malicious code...sort of...in “Breasts and code access security...”

 

My DevDays 2004 Schedule

DevDays is an excellent chance to spend a day focusing on some of the hottest topics for developers using Microsoft technologies, as well as spending some time networking with other technology professionals in your area. This year I will be presenting three (3) sessions in three (3) cities:

Seattle, WA - 3/18/04

  • Overview - ASP.NET Web Application Security Fundamentals
    This session focuses on the fundamentals of Web application security, with an emphasis on Internet Information Services (IIS) and ASP.NET. Attend this session to better understand the security infrastructure built into IIS and ASP.NET and how these two technologies work together to provide a secure platform for Web applications. Topics include IIS security, the ASP.NET worker process, and authentication and authorization models.
  • Defenses and Countermeasures - Secure Your ASP.NET Applications from Hackers
    This session builds on the previous session by presenting countermeasures for the threats outlined there. Topics include input validation; best practices when working with Microsoft SQL Server™, including the use of parameterized commands, stored procedures, accounts with limited privileges, Microsoft Windows® authentication versus SQL Server logins, and secure storage of connection strings; HTML-encoding of user input; vulnerabilities specific to ASP.NET forms authentication and forms authentication cookies; use of encrypted view state rather than hidden fields to maintain state between requests; storage of password hashes rather than passwords for added security; and more.

New York, NY - 2/23/04

  • Developing Secure Web Applications - Examining an End-To-End, Hack-Resilient Application
    This session features a walk-through of a full-scale ASP.NET application that implements many of the countermeasures and best practices outlined in the previous session.

Newark, NJ - 3/4/04

  • Developing Secure Web Applications - Examining an End-To-End, Hack-Resilient Application
    This session features a walk-through of a full-scale ASP.NET application that implements many of the countermeasures and best practices outlined in the previous session.