IPMA Security Training 2011

Today, I delivered a basic 3-hour session on areas to focus on when hardening security in WA State Agencies. I mainly focused the first half of the presentation on common best-practice methods like clear lines of communication between Project Managers and Network, Security, and Database Administrators, as well as practicing good coding practices such as pair programming, code reviews, and the like. I finished off the first 2 hours by demonstrating the use of Fiddler2 and how it could be used to probe, and then attack, an ASP.NET MVC application.

In the second half of the presentation, I demonstrated how ASP.NET MVC’s default behavior for the “Model Binder” could be leveraged by savvy users of Fiddler2 to overwrite somebody else’s “User” information on a basic application. In both scenarios, I demonstrated how to defeat the hack by writing a bit of extra code to validate that the user logged in was actually the same as the user whose data was being updated or queried.
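To make the model-binder scenario concrete, here is an added C# illustration written for this page; it is not the source code from the session (that ZIP is linked separately below), and the `UserProfile` entity, `IUserRepository` interface and `ProfileController` names are assumptions chosen for the example. It shows an ASP.NET MVC action that trusts the default model binder, so a Fiddler2 user who adds `Id=42&IsAdmin=true` to the POST body can overwrite another user’s row, beside a hardened version that whitelists the bindable fields and ties both the update and the query to the authenticated identity rather than to a client-supplied id.

```csharp
// Added example for this page (not the talk's demo code).
// Assumed names: UserProfile, IUserRepository, ProfileController.
using System;
using System.Web.Mvc;

// Assumed entity. By default every public settable property is bindable
// from the request, including the two that must never be client-controlled.
public class UserProfile
{
    public int Id { get; set; }
    public string UserName { get; set; }   // identity; must not come from the form
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public bool IsAdmin { get; set; }      // privilege flag; must not come from the form
}

// Assumed data-access interface standing in for whatever the demo used.
public interface IUserRepository
{
    UserProfile Find(int id);
    UserProfile FindByUserName(string userName);
    void Save(UserProfile profile);
}

public class ProfileController : Controller
{
    private readonly IUserRepository _repo;

    public ProfileController(IUserRepository repo)
    {
        _repo = repo;
    }

    // VULNERABLE: the default model binder fills every property whose name
    // appears in the POST body. Nothing links the posted Id to the caller, so
    // a crafted request "Id=42&IsAdmin=true&Email=..." rewrites user 42's row
    // and flips the admin flag. [Authorize] only proves *someone* is logged in.
    [HttpPost, Authorize]
    public ActionResult EditUnsafe(UserProfile posted)
    {
        _repo.Save(posted);
        return RedirectToAction("Index");
    }

    // HARDENED, two layers:
    //  1. [Bind(Include = ...)] whitelists the only fields a user may post, so
    //     Id, UserName and IsAdmin are never bound from the request at all.
    //  2. The row being updated is loaded by the authenticated identity
    //     (User.Identity.Name), never by a posted id, so the caller can only
    //     ever change their own record.
    [HttpPost, Authorize, ValidateAntiForgeryToken]
    public ActionResult Edit([Bind(Include = "DisplayName,Email")] UserProfile posted)
    {
        if (!ModelState.IsValid)
            return View(posted);

        UserProfile current = _repo.FindByUserName(User.Identity.Name);
        if (current == null)
            return new HttpStatusCodeResult(403);

        // Copy only the whitelisted fields onto the server-side record.
        current.DisplayName = posted.DisplayName;
        current.Email = posted.Email;
        _repo.Save(current);
        return RedirectToAction("Index");
    }

    // Same ownership check on the read side: an id in the URL is honoured only
    // if the row it names belongs to the logged-in user. Returning 404 instead
    // of 403 would additionally avoid confirming that the other id exists.
    [HttpGet, Authorize]
    public ActionResult Details(int id)
    {
        UserProfile profile = _repo.Find(id);
        if (profile == null ||
            !string.Equals(profile.UserName, User.Identity.Name, StringComparison.OrdinalIgnoreCase))
        {
            return new HttpStatusCodeResult(403);
        }
        return View(profile);
    }
}
```

The whitelist and the ownership lookup are independent defences: `[Bind(Include = ...)]` stops extra form fields from ever reaching the entity, while loading the record by `User.Identity.Name` stops a valid-looking id from pointing at someone else’s data. Either one alone leaves a gap, so the session’s fix applied both.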

I’ll be posting the links to the ZIPPED source-code that I was demonstrating shortly… (Monday, May 2nd, 2011)

Drop me a line if you have any questions or wanted to discuss something else!
