DN-040219-AVamvakas-REV1
Application Hacking Techniques and How to Stop Them
What we will cover:
Agenda
Application Security Application vs. Infrastructure
Application Security Application vs. Infrastructure
Application Security Application vs. Infrastructure
Application Security Objectives
Agenda
Web Application Security General Concerns
Web Application Security Typical Architecture
Web Application Security Attacking Methodology
Web Application Security Application Attacks
Web Application Security Guessing (Probing) Technique
Web Application Security Guessing (Probing) Technique
Web Application Security User Input Attacks
Web Application Security User Input Attacks (URL Parameters)
Web Application Security User Input Attacks (SQL Injection Attacks)
Demonstration 1
Web Application Security User Input Attacks
Web Application Security Hidden Field Manipulation
Web Application Security Hidden Field Manipulation
Agenda
.Net Framework Applications Security Scope
.Net Framework Applications Security Features
.Net Framework Applications Security Threats
.Net Framework Applications Security Attacks
Demonstration 3
Agenda
Best Practices Error Handling
Best Practices Authentication - Authorization
Best Practices Session Management
Best Practices Auditing
Best Practices Encryption
Best Practices Overview
Session Summary
For More Information
Additional Resources
Additional Resources
Additional Resources
Additional Resources
Get Up to Speed on .NET
MSDN Security Webcast Week February 16 - 20, 2004
Learn more on Security….
DevDays is coming to a city near you
https://msevents.microsoft.com/emcui/welcomepage.aspx?eventid=1032244847&culture=en-us