|
|
|
|
Thursday, November 20, 2008 (EST)
- Data Validation in .NET
location: MISSISSAUGA CONVENTION CENTRE at 75 Derry Road WEST Mississauga
Data Validation in .NET. Registration is now closed. Prizes, food, and drinks! Including NEW prize of Telerik Controls Premium
|
Better Safe than Sorry: Data Validation in .NET>>
> >
Why do we validate data? Certainly validation is important for any application to ensure that business requirements are met, but there’s much more to it than that. Proper data validation is absolutely critical to the security of an application, and by extension, its users. Nearly all attacks on web applications are the result of malicious input data entered by an attacker that has gone unchecked. Of course, validating every piece of data at every single layer is simply unrealistic, not to mention a performance nightmare! So how do we make smart choices about where to validate in our large, multi-tiered .NET applications? And what techniques are available in the .NET suite?>>
> >
In this presentation, Oliver Lavery and Nish Bhalla from Security Compass discusses effective .NET data validation strategies. The presentation will dissect all layers of the typical multi-tiered web application. It will examine some sample code fragments that are commonly implemented out there and demonstrate how attackers can exploit it. It will also discuss the tools that are available, from ViewState, validator controls, and Microsoft’s anti-XSS library, to safe use of ADO.NET and LINQ. The threats are out there, but by taking advantage of proper data validation, you’ll feel safer.
Speaker Bio>>
> >
Oliver Lavery>>
> >
Oliver Lavery of Security Compass brings a decade of experience in security software development and consulting. He has been engaged on a variety of projects focusing on network and application penetration testing, reverse-engineering, security code review, vulnerability analysis, forensics, and design oversight of secure systems. >>
> >
Mr. Lavery is a noted expert in information security and has published ground-breaking vulnerabilities in Microsoft Windows, Internet Explorer, and well known applications running on the Windows platform. Most notably a paper authored by Mr. Lavery reintroduced a class of vulnerabilities in Windows that resulted in a slew of patches from Microsoft and major software vendors. >>
> >
Nish Bhalla>>
> >
Nishchal Bhalla, the Founder of Security Compass, is a specialist in product, code, web application, host and network reviews. Nish has coauthored "Buffer Overflow Attacks: Detect, Exploit & Prevent" and is a contributing author for "Windows XP Professional Security", "HackNotes: Network Security", "Writing Security Tools and Exploits" and "Hacking Exposed: Web Applications, 2nd Edition". Nish has also been involved in the open source projects such as YASSP and OWASP, and is the chair of the Toronto Chapter. He has also written articles for securityfocus and also spoken at web seminars for Global Knowledge and University of Florida.
Nish is a frequent speaker on emerging security issues. He has spoken at reputed Security Conferences around the globe such as at RSA Security Conferencere and Blackhat Europe. He also has created and taught the Exploiting & Defending Classes for Security Compass. >>
>>
|
|
|
|
|
|
 |
 |
|
I don't pretend to understand the Universe - it's a great deal bigger than I am.
-- Thomas Carlyle
|
|
|
|
 |
|
|