Notes from my Pentesting ASP.NET talk for DODD today
As promised, here are the relevant links to things I talked about at the OWASP talk today.Here's the article I started the talk withThe OWASP Top Ten projectBackTrack 5.NET GoatMy HackThisFirst...
View ArticleOn popular events and the efficacy of registrations
Codemash - probably the single best regional development conference in the country - sold out of 1200 tickets in 20 minutes. This is pretty impressive, but hardly unheard of. ShmooCon, the DC...
View ArticleMetroUI:Another user has already installed an unpackaged version of this...
If you have had to delete your user profile in Windows 8 to get around the known Internet Explorer 10 bug, you might have run into this error when trying to run an app from Visual StudioError 2...
View ArticleClik here to view.
Referencing a C# class library in HTML5 Metro UI
I am sure that you, like me, are hoping that you can use your C# code as the backend to your HTML5 Metro applications. For instance, I need to use the Meetup API that I am developing in a metro...
View ArticleDirect Object References
I have to use the Open Graph API from Facebook ton my current project, and I found a real life example of the Direct Object Reference flaw I discuss in my Pentesting ASP.NET talk.The Direct Object...
View ArticleWin8 Metro Style navigation
WARNING! This is based on Developer Preview, and much has changed.Navigation in Metro is a little fuzzy right now. Fortunately Visual Studio has a navigation template. If you click File.NewProject, and...
View ArticleI've been deep fried!
Keith Elder and Chris Woodruff were nice enough to have me on their excellent and very popular webcast Deep Fried Bites last month, and the episode is up and ready! We discuss the security environment...
View ArticlePentesting ASP.NET talk notes
I gave my Pentesting ASP.NET talk at Safelite today, celebrating the 20th presentation of this deck. It's a good talk, I'm glad so many people like it. I know I'll be delivering it at the Louisville...
View ArticleUpcoming talks
I'm speaking at the Louisville .NET Developer's group about ASP.NET MVC pen testing and the OWASP Top 10 on Thursday June 21.I'm also scheduled to speak at That Conference, a developer summer camp in...
View ArticleWikistrat predictions for 2016
Some of you know that I am the curator of the Information Security desk at Wikistrat, a virtual strategy consulting company. We have fun over there, and a recent project was collating some predictions...
View Article
