Steve-Driven Development

Modern Web Development Bits and Pieces

Tag Archives: ASP.NET

Brock Allen’s ASP.NET security: the tl:dr;

Posted on March 7, 2013 by Steve Cooper • Tagged ASP.NET, DevWeek, Security • Leave a comment

tl:dr;

– If it’s on an HTTP address, consider it public info — usernames, passwords, HTML, and JSON results are all interceptable.
– unless you’ve secured it, your database usernames, passwords, and data are ALSO being sent in plain text.

Dominick Baier’s ‘Securing WebAPI’ presentation and sample code

Posted on March 6, 2013 by Steve Cooper • Tagged ASP.NET, DevWeek, WebAPI • Leave a comment

Dominic Baier, who gave a great presentation on the security pipeline in WebAPI, has published his slides here and his source code here. Not going to say much else, but this is going to be a great help for us in getting our API secured.