Posted on 2004.04.27 |
No comments |
ASP.NET
This post has been imported from the old blog and has not yet been converted to the new syntax yet.
It has been a long time since I posted something, but here I am again. It's a very busy time right now, some exams, loads of school tasks, some websites, etc..
And also, a talk I had to prepare for class. One that I'm going to share with you.
I'll have to disappoint non-Dutch readers though, the slides are written in Dutch, as it was a local session. You could always look at the code though.
The subject was 'Writing Secure ASP.NET'. Covering :
The first three demo's code should be obvious. Regarding IOPermissions I showed a file browser that could browse trough the system in default ASP.NET installation. And for the Unsafe DSN, I listed system DSNs, or used a demo DSN, showed the tables in it (MySQL only) and executed a query against it.
You can find all files here: SecureASPNET.ppt (227k) and Demo.zip (205k).
And also, a talk I had to prepare for class. One that I'm going to share with you.
I'll have to disappoint non-Dutch readers though, the slides are written in Dutch, as it was a local session. You could always look at the code though.
The subject was 'Writing Secure ASP.NET'. Covering :
- Cross-site Scripting
- SQL Injection
- Hashing passwords
- IOPermissions by default
- Unsafe DSN (DSN with password included)
The first three demo's code should be obvious. Regarding IOPermissions I showed a file browser that could browse trough the system in default ASP.NET installation. And for the Unsafe DSN, I listed system DSNs, or used a demo DSN, showed the tables in it (MySQL only) and executed a query against it.
You can find all files here: SecureASPNET.ppt (227k) and Demo.zip (205k).
+32 (0)478 57.79.17