Smolen Alex Securing The Mvc Architecture Part Two
This is the slide deck for the presentation I gave at SD Best Practices 2007, in Boston, MA

Presentation Transcript

  • Securing the MVC Architecture Part Two Alex Smolen Software Security Consultant Foundstone, Inc Mission Viejo, CA [email_address]
  • Analysis of Frameworks
  • Analysis of Frameworks - Struts
    • Struts Overview
  • Analysis of Frameworks - Struts
    • Validation - Validation Plugin
  • Struts Data Validation Architecture
  • Analysis of Frameworks - Struts
    • Authorization – Controller RBAC
  • Struts Authorization Architecture
  • Analysis of Frameworks - Struts
    • Error Handling – Global Exception Handlers and ActionMessages
  • Struts Error Handling Architecture
  • Analysis of Frameworks - Struts
    • Inherited from Servlet Architecture:
    • Authentication
    • Session Management
    • Coarse-Grained Authorization
      • Alternative
  • Servlet Forms Authentication
  • Servlet Session Management
  • Servlet Authorization
  • Analysis of Frameworks - Struts
    • What’s missing?
    • Logging
    • Fine-Grained Authorization
    • Data Protection in Storage
    • Data Sanitization
  • Analysis of Frameworks – ASP.NET
    • ASP.NET Overview
  • Is ASP.NET MVC?
  • Analysis of Frameworks – ASP.NET
    • Validation – Validation Controls and ValidateRequest
  • ASP.NET Validation Architecture
  • Analysis of Frameworks – ASP.NET
    • Coarse-Grained Authorization – URL Authorization
  • ASP.NET Authorization Architecture
  • Analysis of Frameworks – ASP.NET
    • Error Handling – OnPageError
  • ASP.NET Error Architecture
  • Analysis of Frameworks – ASP.NET
    • Data Protection in Storage – DPAPI/Protected Configuration Providers
  • ASP.NET Data Protection Architecture
  • Analysis of Frameworks – ASP.NET
    • Session Management – ASP.NET Sessions
  • ASP.NET Session Management Architecture
  • Analysis of Frameworks – ASP.NET
    • What’s missing?
    • Logging
    • Fine-Grained Authorization (maybe)
    • Data Sanitization (sort of)
    • Good Data Validation Strategy
    • Clean Separation of MVC (by default)
  • Analysis of Frameworks – Ruby on Rails
    • Overview of Ruby on Rails
  • Ruby on Rails Architecture
  • Analysis of Frameworks – Ruby on Rails
    • Validation – Built into ActiveRecord
  • Ruby on Rails Validation Architecture
  • Analysis of Frameworks – Ruby on Rails
    • Error Handling – errors attribute in Models
  • Ruby on Rails Error Handling Architecture
  • Analysis of Frameworks – Ruby on Rails
    • Generators
    • Authentication (acts_as_authenticated, OpenID)
    • Coarse Authorization (acts_as_authenticated)
    • Fine Authorization (ModelSecurity, AclSystem, AJuby, Goldberg)
  • Analysis of Frameworks – Ruby on Rails
    • What’s missing?
    • Logging
    • Data Protection in Storage
    • Default Security Mechanism Availability
    • Maturity of Security Mechanisms
  • Principles
    • Simplicity
    versus…
  • Principles
    • Centralization
    versus…
  • Principles
    • Consistency
    versus…
  • Principles
    • “Securability”
    versus…
  • Exercise
    • Hacme Books Coupon Code
  • Exercise
    • Hacme Books Coupon Code
    15% AEODBOBOOG 25% BEAAABBOOG BEOABDBOOG
  • Conclusion
  • Conclusion
  • Conclusion