Securing MVC.NET

Yesterday I gave a 2 hour presentation covering the ins and outs of leveraging the major components (and some minor ones) in MVC.NET.  In order to give people a bootstrapped set of skills to focus on, we worked through the OWASP Top 10 project as our primary premise.  We also touched briefly on Microsoft’s Secure Development Lifecycle.

I have attached my slides, code, and put the links I think worth reviewing below. Please note that the graphics for vulnerabilities are from the OWASP Top 10 slide deck, used via the permission on the site.

[slides | code (coming soon)]

Feel free to ping me if you have any questions.

  1. XSS Cheat Sheet
  2. Asp.Net Sessions (Part 1)
  3. Asp.Net Sessions (Part 2)
  4. Json Hijacking
  5. Anti-Xss library
  6. Making the AntiXSS Library the default encoder in MVC.Net 2.0
  7. SecureString Class
  8. ViewState Encryption
  9. Think before you bind
  10. Binding attack
  11. SSL Screw Ups
  12. Web 2.0 Attack Vectors
  13. IIS 7 Security (General)
  14. IIS 7 Security Guide
  15. Server 2008 Security (Misc)
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: