MSDD: Securing a Login Form

The focus of MS DevDays 2004 was on writing secure code. In the Web Development Track of the event, Paul Litwin demonstrated SQL Injection attacks against a simple Login web page. After all, most web apps worth attacking with SQL Injection are going to require the user to log in, and Login pages are common. Of course, the point of the demo was to show how easy it is to victimize a poorly written Login page. At the lunch break, one of the people I was talking to said, “Instead of showing us how to hack an unsecure login page, why don't they just build a secure login page component we can use?” Well, guess what we saw during the closing session in a demo of new features in Whidbey (the codename for the next release of Visual Studio.NET)? A secure login component! It's almost like they were listening to us...

posted @ Thursday, March 18, 2004 11:06 PM
