Ultimate Collection - { fslBlog & faisalmb.com } Ultimate Collection - { fslBlog & faisalmb.com }   
Blog   |   Site   |   Posts (226)   |   Tags Xplorer   |   Feed Subscribe Free! Aha! you surfing post...     Sign in    Partner Site - Real Home Contact  

Wed

23

Apr

2008

  Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks

Would be old one but just a refreshing

 

Contents

What ASP.NET Developers Should Always Do
Where the Threats Come From
ViewStateUserKey
Cookies and Authentication
Session Hijacking
EnableViewStateMac
ValidateRequest
Database Perspective
Hidden Fields
E-mails and Spam
Summary
Related Resources

What ASP.NET Developers Should Always Do

If you're reading this article, you probably don't need to be lectured about the growing importance of security in Web applications. You're likely looking for some practical advice on how to implement security in ASP.NET applications. The bad news is that no development platform—including ASP.NET—can guarantee you'll be writing 100-percent secure code once you adopt it—who tells that, just lies. The good news, as far as ASP.NET is concerned, is that ASP.NET, especially version 1.1 and the coming version 2.0, integrates a number of built-in defensive barriers, ready to use.

The application of all these features alone is not sufficient to protect a Web application against all possible and foreseeable attacks. However, combined with other defensive techniques and security strategies, the built-in ASP.NET features form a powerful toolkit to help ensure that applications operate in a secure environment.

Web security is the sum of various factors and the result of a strategy that goes well beyond the boundaries of the individual application to involve database administration, network configuration, and also social engineering and phishing.

The goal of this article is to illustrate what ASP.NET developers should always do in order to keep the security bar reasonably high. That's what security is mostly about—keep the guard up, never feel entirely secure, and make it harder and harder for the bad guys to hack.

Let's see what ASP.NET has to offer to simplify the job.

Where the Threats Come From

In Table 1, I've summarized the most common types of Web attacks and flaws in the application that can make them succeed.

AttackMade possible by . . .
Cross-site scripting (XSS) Untrusted user input echoed to the page
SQL injection Concatenation of user input to form SQL commands
Session hijacking Session ID guessing and stolen session ID cookies
One-click Unaware HTTP posts sent via script
Hidden field tampering Unchecked (and trusted) hidden field stuffed with sensitive data

 

 

 

More at ....

 

Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks

http://msdn2.microsoft.com/en-us/library/ms972969.aspx

 

 

Rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags: , ,

Categories : Computers / Programming / Mobiles

E-mail this post to someone.
Comments (1)

Comments

Vijay  in 5/17/2008 11:27:56 PM
Thanks for this too!

Add comment
 Your Name*  
 Your E-mail (will not get publish)  
 Your Website  
 Your Country   Country flag

Comment*   
[b][/b] - [i][/i] - [u][/u]- [quote][/quote]








Intro

Name of author Faisal Bashir
Senior Software Engineer
KalSoft Limited
Microsoft Certified Technology Specialist.

Add to/Bookmark with:


deliciousDelicious  diggDigg  redditreddit  facebookFacebook  stumbleuponStumbleUpon

Add to Google Reader or Homepage Add to My AOL
Add to My Yahoo!

Categories

Archive

Recent posts

Recent comments

Tags Cloud

Then which of the favours of your Lord will you twain deny? (Holy Quraan - 55-21)
79692 hits. (Best viewed @ 1024x768 resolution min.) Comments here...
© 2001-2008 Muhammad Faisal | Disclaimer | Contact | Partner Site