What Works in AppSec: ASP.NET Identity and AntiForgery Tokens

Last week, I had the opportunity to present another webcast for SANS. This presentation shows how to block authentication, authorization, and CSRF attacks in your ASP.NET MVC applications! We break down and demonstrate how to use ASP.NET Identity to stop brute-force attacks and implement access control rules in your applications. This presentation will also show […]

Why We Should Conduct Penetration Tests

Security issues can arise from many sources. Vulnerabilities like POODLE, Heartbleed, and FREAK make headlines, but many times, simply forgetting a line of code or not changing a default setting can lead to nontrivial vulnerabilities. This was highlighted for me recently when a senior developer asked us to test an application he was building. The application […]