Sunday, April 26, 2009

CSRF session at Microsoft Innovation Day (22nd April, 2009)



I was invited by the CuttingEdge Club to make a presentation about "Application Security" at Microsoft Innovation Day. I thought at first that most of the attendees would be professional developers, so I decided to exclude common topics in application security like "XSS, SQL Injection, Input Validation".

I decided to make it about "Cross Site Request Forgery"; specifically, the session title was "How do I: Protect from Cross Site Request Forgery in ASP.NET". I think it was quite interesting for the audience, especially since most of the other sessions were about SharePoint.

I found out later that most of the attendees were students, so I tried to use only simple terms (I don't think I managed to do it), as CSRF is quite complicated by nature and most developers confuse it with XSS.

Anyway, I think I managed to spread awareness of application security vulnerabilities and their huge impact, either financially or from a privacy perspective, on the internet today.


Here is the presentation