That trip turned out to be a bit of a whirlwind. Sorry I had to dash straight after the presentation!

The talk was an introduction to cross-site scripting (XSS), cross domain request forgery (CDRF) and clickjacking, and used a common theme of "never trust users" to show how trusting GET, POST, Cookies, Headers or other user supplied data could be your downfall.

I've already posted the slides to this talk from back when I presented at the Christchurch Code Camp: Overcoming your web insecurity

• Subscribe to my blog: http://pageofwords.com
• The Classifieds web site starter kit
• The Microsoft Anti-XSS Library (use instead of HttpUtility.Encode)
• Which ASP.NET Controls Automatically Encode?
• Clickjacking video
• Framebusting:
  http://pageofwords.com/blog/2008/10/06/FrameBustingInJavascript.aspx
• Security Runtime Engine (coming, will help with ASP.NET controls)
• OWASP – The Open Web Application Security Project – http://www.owasp.org

There's a new beta of the Anti-XSS library that you should check out when encoding your user-supplied data for use in HTML or attributes. At the same link is the new CAT.NET tool that analyses your code for weaknesses.

The Anti-XSS library now includes the Security Runtime Engine, which will help when encoding ASP.NET controls. I'll be posting about it here soon, so subscribe to my RSS feed :)