Deze post is geïmporteerd van de oude blog en is nog niet geconverteerd naar de nieuwe syntax.
It has been a long time since I posted something, but here I am again. It's a very busy time right now, some exams, loads of school tasks, some websites, etc..

And also, a talk I had to prepare for class. One that I'm going to share with you.

I'll have to disappoint non-Dutch readers though, the slides are written in Dutch, as it was a local session. You could always look at the code though.

The subject was 'Writing Secure ASP.NET'. Covering :

  • Cross-site Scripting

  • SQL Injection

  • Hashing passwords

  • IOPermissions by default

  • Unsafe DSN (DSN with password included)



The first three demo's code should be obvious. Regarding IOPermissions I showed a file browser that could browse trough the system in default ASP.NET installation. And for the Unsafe DSN, I listed system DSNs, or used a demo DSN, showed the tables in it (MySQL only) and executed a query against it.

You can find all files here: SecureASPNET.ppt (227k) and Demo.zip (205k).

 
  • Reageer
    Items aangeduid met * zijn verplicht. (Naam, Email, Commentaar)
    Enkele items ontbreken of zijn fout ingevuld.
     
     
     
    Om zeker te zijn dat je geen computer bent, typ de onderstaande tekst over.