The focus of MS DevDays 2004 was on writing secure code. In the Web Development Track of the event, Paul Litwin demonstrated SQL Injection attacks against a simple Login web page. After all, most web apps worth attacking with SQL Injection are going to require the user to log in, and Login pages are common. Of course, the point of the demo was to show how easy it is to victimize a poorly written Login page. At the lunch break, one of the people I was talking to said, “Instead of showing us how to hack an unsecure login page, why don't they just build a secure login page component we can use?” Well, guess what we saw during the closing session in a demo of new features in Whidbey (the codename for the next release of Visual Studio .NET)? A secure login component! It's almost like they were listening to us...
posted @ Thursday, March 18, 2004 11:06 PM