We've all implemented things such as authentication, authorization, login forms, etc., but many developers do so without really understanding what's going on under the hood. By truly understanding how your site is handling authentication, authorization, and overall traffic, you can identify areas vulnerable to attacks. In this talk, I will be going over how to secure your site by thinking like an attacker. We'll develop a thorough understanding of cookies: their usage, how they are transmitted, how browsers are meant to handle them, security concerns, and more. We will also understand how sessions are managed by web servers, as well as security considerations in using them. Additionally, I'll describe common security vulnerabilities that exist, as well as how to protect your site from these vulnerabilities. Finally, I will go over how authentication, authorization, and session management is handled in ASP.NET MVC 5/6.
Speaker: Haz Parakrama