Orlando .NET Code Camp | 2009

Although virtually all developers appreciate the importance of creating secure applications, relatively few such developers are familiar with the techniques and processes that may be used to effectuate this end. In this session, we discuss some common approaches to threat modeling, vulnerability analysis, and code review in a DotNetNuke context. We examine the tradeoffs between manual and automated analysis, and touch on some common static analysis tools. These concepts are applied to DotNetNuke development through a number of collaborative exercises. Although this session focuses on secure DotNetNuke module development, it is also appropriate for other ASP.NET developers who wish to learn more about secure application design.