Introduction Context Remark about the detection 1. Responsible disclosure 2. Full disclosure Remark about the security issue handling decision Cases Case 1 Context Ideal con...
Introduction Recommendations for a cipher string Scenarios Table of the ciphers (and their priority from high (1) to low (e.g. 18)) Examples for cipher strings OpenSSL How to...
Introduction Session ID Properties Session ID Name Fingerprinting Session ID Length Session ID Entropy Session ID Content (or Value) Session Management Implementation Built-i...
Introduction Primary Defenses Defense Option 1: Escape all variables using the right LDAP encoding function Safe Java Escaping Example Safe C Sharp .NET TBA Example Defense Opt...
Introduction Application Types A1: New Application A2: Productive Open Source Application A3: Productive Closed Source Application Forms of Injection Query languages SQL Injec...
Introduction The .NET Framework Updating the Framework Security Announcements .NET Framework Guidance Data Access Encryption General ASP.NET Web Forms Guidance HTTP validat...