MSDD: Securing a Login Form

The focus of MS DevDays 2004 was on writing secure code. In the Web Development Track of the event, Paul Litwin demonstrated SQL Injection attacks against a simple Login web page. After all, most web apps worth attacking with SQL Injection are going to require the user to log in, and Login pages are common. Of course, the point of the demo was to show how easy it is to victimize a poorly written Login page. At the lunch break, one of the people I was talking to said, “Instead of showing us how to hack an unsecure login page, why don't they just build a secure login page component we can use?” Well, guess what we saw during the closing session in a demo of new features in Whidbey (the codename for the next release of Visual Studio .NET)? A secure login component! It's almost like they were listening to us...

posted @ Thursday, March 18, 2004 11:06 PM
