Cory Isakson is giving a presention on security on the internet. Looking specifically at extranet solutions (and some good ideas in internet solutions as well). About 80 people in attendence.
Threats:
- Man in the middle
- Session reply
- Query string manipulation
- HTTP header manipulation
- Cookie manipulation
- Form field manipulation
- Luring attacks
Recommendations:
- Authorization:
- Access Control Lists
- Authorization Manager – ties in with Active Directory credentials
- ASP.NET 2.0 Permission Manager – not MS, but ties in directly to the Provider model. This looks exciting! Cory really covered this well, even giving some real code. Plus, his business logic for why this is important is very compelling. Check this out at Google. Or (I did it for you) here.
Good presentation. Enough code to keep us interested, with enough tips from experience to make us feel like we’ve had some good experienced-based tricks we can take back to us.
