The HaaHa Show: Microsoft ASP.NET MVC Security with Haack and Hanselman
Join Phil Haack and Scott Hanselman for this dynamic and unusual security session. The HaaHa brothers take turns implementing features on an ASP.NET MVC website. Scott writes a feature, and Phil exploits it and hacks into the system. We analyze and discuss the exploits live on stage and then close them one by one. Learn about XSS, CSRF, JSON Hijacking and more. Is *your* site safe from the Haack?
20 Comments
Zachary Scott said
Feb 18 2010
It would be really good to put these ideas in to automated testing.
Keith said
Mar 8 2010
Who likes to rock the party? Phil Haack and Scott Hanselman like to rock the party!
Chris said
Mar 10 2010
Great title for this presentation. The dynamic duo teaming up to present this topic should make for a very entertaining and informative presentation. I'm bummed that I will miss MIX this year :(
said
Mar 15 2010
really?
mike j said
Mar 15 2010
This should be really good. Anyone know if this will make it to http://live.visitmix.com?
I am stuck in Toronto doing a release but would love to see this talk somehow.
Igor Zevaka said
Mar 16 2010
Prepare to get haacked!!!
Kadir Avci said
Mar 16 2010
I'm so excited :)
It will be so good.
Ronald Garlit said
Mar 16 2010
Will there be a recording on MSDN?
We are working on our pilots and testing of MVC Framework to determine it's place within our company.
Security Practices specific to MVC Framework is one of the areas I'm looking for information on.
copy and paste said
Mar 16 2010
Is true that winpho 7 wont have copy and paste? wow thats sucks, maybe android is actually better?
http://www.engadget.com/2010/03/16/windows-phone-7-series-wont-have-copy-and-paste/
Roger said
Mar 17 2010
I get a media failure when viewing the video. Anyone else getting this?
Roger
Kevin said
Mar 17 2010
I get media failure too, around 15min into the video. The download fails on that spot too.
to bad =(
Han Cheng said
Mar 18 2010
That was an excellent video on Cross Site Scripting.
Erlend said
Mar 18 2010
These features look really nice!
Looks like you were double encoding it though, when you were running both with "<%:" (handed off to AntiXssLibrary) and Ajax.JavaScriptStringEncode()
Erlend said
Mar 18 2010
These features look really nice!
Looks like you were double encoding it though, when you were running both with "<%:" (handed off to AntiXssLibrary) and Ajax.JavaScriptStringEncode()
Michael said
Mar 18 2010
I'm getting media failure too...but it's more like SUPER slow-down at the 15 min mark.
said
Mar 18 2010
Nice survey of various of web page injection-attack vulnerabilities, some more (or less) obvious than others, and some ASP.NET/MVC options for dealing with them. Also, greatly entertaining. (Practice safe piano-hamster vids!)
Thanks!
Hemant Jangid said
Apr 19 2010
I don't whether it is because I live in India but the video streaming sucks. I have a pretty good broadband connection and never have trouble with youtube videos.
I tried downloading the show but it downloads @ 10 kbps which will effectively take forever!
Too bad! :(
Eddie said
May 14 2010
Nice show. Frustrating to watch you guys fumble through Fiddler though - read the UI! Theres a much easy way to rebuild requests from existing requests and hack away from there.
@Hemant - If the streaming sucks (which it often does for me too, being in New Zealand) then just download the file. Also, Youtube is a completely different beast - Google goes around putting cache servers everywhere to speed up performance.
said
Jul 17 2010
[[url=http://www.fivefingerssupply.com/][b]vibram five[/b][/url]
[url=http://www.fivefingerssupply.com/][b]vibram five fingers[/b][/url]
[url=http://www.fivefingerssupply.com/][b]vibram shoes[/b][/url]
[url=http://www.fivefingerssupply.com/][b]fivefingers[/b][/url]
[url=http://www.fivefingerssupply.com/][b]vibram fivefingers[/b][/url]
[url=http://www.fivefingerssupply.com/][b]five fingers shoes[/b][/url]
[url=http://www.fivefingerssupply.com/][b]fivefingers vibram[/b][/url]
[url=http://www.fivefingerssupply.com/][b]five fingers vibram[/b][/url]
[url=http://www.fivefingerssupply.com/][b]five fingers vibram sale[/b][/url]
[url=http://www.fivefingerssupply.com/][b]five fingers vibram uk[/b][/url]
[url=http://www.fivefingerssupply.com/][b]five fingers[/b][/url]
[url=http://www.fivefingerssupply.com/][b]vibram five fingers sale[/b][/url]
[url=http://www.fivefingerssupply.com/][b]vibram bikila[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-classic-c-2.html][b]Vibram five fingers Classic[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-classic-c-2.html][b]Vibram five fingers Classic Sale[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-sprint-c-3.html][b]vibram five fingers sprint[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-sprint-c-3.html][b]vibram five fingers sprint women[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-sprint-c-3.html][b]vibram five fingers sprint mens[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-sprint-c-3.html][b]vibram five fingers sprint sale[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram kso[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]five fingers kso[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso sale[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso women's[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso mens[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso black[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-trek-c-4.html][b]vibram five fingers kso trek sale[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-trek-c-4.html][b]vibram five fingers kso trek[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-trek-c-4.html][b]vibram kso trek[/b][/url]
[url=http://www.fivefingerssupply.com/vibram-five-fingers-kso-trek-c-4.html][b]vibram trek[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]vibram[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]vibram fingers[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]vibram five[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]vibram five fingers[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]vibram shoes[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]fivefingers[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]fivefingers vibram[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]five fingers vibram[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]five fingers vibram sale[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]five fingers vibram uk[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]five fingers[/b][/url]
[url=http://www.vibramfivefingerssupply.com/][b]vibram five fingers sale[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-classic-c-2.html][b]Vibram five fingers Classic[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-sprint-c-3.html][b]vibram five fingers sprint[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-sprint-c-3.html][b]vibram five fingers sprint women[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-sprint-c-3.html][b]vibram five fingers sprint mens[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-sprint-c-3.html][b]vibram five fingers sprint sale[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso sale[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso women's[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso mens[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso black[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram five fingers kso trek sale[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-c-1.html][b]vibram kso[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-trek-c-4.html][b]vibram five fingers kso trek[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-trek-c-4.html][b]vibram kso trek[/b][/url]
[url=http://www.vibramfivefingerssupply.com/vibram-five-fingers-kso-trek-c-4.html][b]vibram trek[/b][/url]
Andy Rose said
Jul 22 2010
Great video; did you get to bottom of the EF issue that scuppered the final demo?