Last Thursday saw Chris Seary and myself presenting at the Microsoft offices in sunny (yes, really) Edinburgh for the Scottish Developers Group. Thanks must go to Craig and John for organising.

I presented an updated (trendy white on black) "Hacking Websites for Fun & Profit", "Securing ASP.NET Websites and Applications" and "An Introduction to Windows CardSpace".

An audience member (sorry, I didn't catch your name) asked me to put together some resource links on SQL Injection, XSS and so on. Probably the best breakdown of SQL Injection is Chris Anley's PDF, "Advanced SQL Injection In SQL Server Applications". The XSS FAQ is a good treatment of what Cross Site Scripting is, ha.ckers.org has a wonderful set of XSS inputs with which to test your application. Fritz Onion's ViewState Decoder. The Microsoft P&P PDF on Securing ASP.NET Communications and Applications is available on MSDN. Whilst it is written for .NET 1.0 (which is why I don't recommend the book these days) the advice still stands.

In addition OWASP (The Open Web Application Security Project) covers everything, including .NET specific tools and advice.

 

Technorati tags: , ,