Posted on 2004.04.27 |
No comments |
ASP.NET
This post was imported from the old blog and has not yet been converted to the new syntax.
It has been a long time since I posted something, but here I am again. It's a very busy time right now: some exams, loads of school tasks, some websites, etc.
And also, a talk I had to prepare for class. One that I'm going to share with you.
I'll have to disappoint non-Dutch readers though, the slides are written in Dutch, as it was a local session. You could always look at the code though.
The subject was 'Writing Secure ASP.NET', covering:
- Cross-site Scripting
- SQL Injection
- Hashing passwords
- IOPermissions by default
- Unsafe DSN (DSN with password included)
The first three demos' code should be obvious. Regarding IOPermissions, I showed a file browser that could browse through the system in a default ASP.NET installation. And for the Unsafe DSN, I listed system DSNs, or used a demo DSN, showed the tables in it (MySQL only) and executed a query against it.
You can find all files here: SecureASPNET.ppt (227k) and Demo.zip (205k).