Yesterday, attended the MSDN Yatra's 'ASP.NET Application Security' session by MVP Srinivas Sampath.

Was a very well balanced session.

Started with the Theory of Planning an ASP.NET application for good security.

The different stages at which the security can be provided was explained with a neat diagram.

Usage of SSL was the highlight of the presentation.

Also usage of Stored Procedures instead of writing SQL in code was emphasized upon.

There were around 4 good demos.

One was how to configure IIS to enable SSL security.

The best was the Login Demo. It demonstrated a good template for authentication. Usage of Salt(Random Number), FormsAuthentication methods to store passwords safely in database.

It was followed by Authorization demo; identifying of User Roles etc.

I am going to implement these in my Application.

That's it for now.