The always awesome Anil John will be presenting Defenses and Countermeasures - Secure Your ASP.NET Applications from Hackers at CMAP next Tuesday, May 4th.
This session presents countermeasures to defend against threats. Topics include: input validation; best practices when working with SQL Server, including the use of parameterized commands, stored procedures, accounts with limited privileges; Microsoft Windows authentication versus SQL Server logins; secure storage of connection strings; HTML-encoding of user input; vulnerabilities specific to ASP.NET forms authentication and forms authentication cookies; use of encrypted view state rather than hidden fields to maintain state between requests; storage of password hashes rather than passwords for added security; and more. (If he can pack all of that into a single user group meeting, I'll be impressed!)
Anil John is currently a Microsoft MVP for ASP.NET, a member of the MSDN Patterns & Practices Customer Advisory Board, and an ASPInsider. In addition, he was a technical reviewer for the MS Press book 'Improving Web Application Security: Threats and Countermeasures'. He has been involved with web development since the early days of Mosaic. Since that time he has done everything from web development and system administration to application and system architecture. While he started out with an interest in web and mobile technologies, these days he finds himself being drawn more and more to addressing the challenges of digital security in a connected world using Microsoft's .NET technologies.
This meeting will be at Impact Innovations in Columbia, MD. Directions are here. The meeting starts at 6:30 PM, and the main presentation usually starts around 7:00.