Your Comments.

• # re: Don’t Get Stung – An introduction to the OWASP Top Ten

  hahahah, thanks for the lift but after your "you have no friends, your an SEO comment"... had to get you back :)
  
  Until Next Time!

  Left by Dom Hodgson at 4/18/2009 10:31 PM
• # re: Don’t Get Stung – An introduction to the OWASP Top Ten

  Awesome presentation at web dd - cheers!

  Left by John at 4/21/2009 2:28 PM
• # re: Don’t Get Stung – An introduction to the OWASP Top Ten

  Is there a way to automatically check for some of these security errors using a tool like FxCop?
  
  For example in your talk you suggested that instead of just looking at IsPostBack we should also check the Form action type to ensure that it is post rather than get - I bet you could write an FxCop rule for that.
  
  Sorry if I come accross as being a bit niave..

  Left by John at 4/21/2009 2:40 PM
• # re: Don’t Get Stung – An introduction to the OWASP Top Ten

  Actually FXCop is an interesting idea.
  
  Sacha Faust has some FXCop security rules up on his blog.
  
  The problem is that FXCop rules are a bit of a black art and not one I've had time to look at in any great detail. For the GET versus POST thing I put a check in the AntiCSRF module for ASP.NET so a custom exception is thrown. That is, at least, a some protection anyway.

  Left by barryd at 4/21/2009 2:44 PM

Your Reply.

Comment Form.

Fields denoted with a "*" are required.

*Your name:

*Subject:

You may also like to leave your email or website.

Your blog:

Your email:  (will not be displayed)

*Your message:
 

Please add 5 and 2 and type the answer here:

Enter the code shown above:

Preview Your Comment.