About me… Sam Nasr Independent Software Consultant Nasr Information Systems Software developer since 1995 MCAD, MCT, MCTS(WSS/MOSS) President - Cleveland C#/VB.Net User Group Contact Info E-mail: firstname.lastname@example.org Blog: ClevelandDotNet.blogspot.com/
Setting Expectations What will be covered Overview of security in.Net FW Some coding techniques, due to time Take home Laundry List Discuss code and organizational policies What will NOT be covered COM, Activex DB Security Identifying Security Bugs
Why Security? Protect the Data Credit Card #s Corporate Data (Financial info) Patient Information Ensure App Integrity Prevent loss of revenue (i.e. $1 plane tickets) Uptime (DOS Attacks) Ensure App Authenticity Customers run intended applications
What are the odds? 1 Developer vs. Many Hackers 1 Dev Hour vs. Many hacker hours Salary vs. Personal Pride Focused vs. Continuous Attempts
Holistic Security Physical Location of servers ALL servers (App & DB) must be configured for security Train users against social engineering Security code review Security Testing Practice Active Defense Recovery Plan Keep your users aware of the security risk
Anti-Cross Site Scripting Library A Cross Site Scripting attack (XSS): when a hacker inserts a link in an e-mail or web forum that appears to be legitimate (i.e. cnn.com, google.com). However, the link actually a malicious script code embedded in the URL. When the unsuspecting user clicks the link, the script is executed on the host web site. The script code maybe used to transfer cookies from the victim's PC to the hacker's machine. The cookies may contain user ID's, passwords, or possibly credit card information, all which can be used for illegal purposes. http://www.microsoft.com/downloads/details.aspx?familyid=9A2B9C92- 7AD9-496C-9A89-AF08DE2E5982&displaylang=en
Your consent to our cookies if you continue to use this website.