Notes from my SF.NET Developers user group talk

I spoke to The San Francisco .NET Developers User Group last week on the topic of Practical Web Application Security with ASP.NET / MVC. Following are the some of the links from my talk. For additional links, please see my earlier talk Resources – talk @ 10th Annual SecureIT conference

  • Home/MVC/Overview/Chapter 7. Security
  • Security Extensibility in ASP.NET 4 (This whitepaper covers the major ways in which security features in ASP.NET 4 can be customized, including: Encryption options and functionality in the <machineKey> element, interoperability of ASP.NET 4 forms authentication tickets with ASP.NET 2.0, configuration options to relax automatic security checks on inbound URLs, pluggable request validation, and pluggable encoding for HTML elements, HTML attributes, HTTP headers, and URL)

The code from the talk can be downloaded from here. Also, Jerry Hoff's ASP.NET port of WebGoat is available here. jerryhoff / WebGoat.NET