Ultimate Collection - { fslBlog & faisalmb.com }

Thu, 24 Apr 2008

Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks



This may be an old one, but it serves as a refresher.

 

Contents

What ASP.NET Developers Should Always Do
Where the Threats Come From
ViewStateUserKey
Cookies and Authentication
Session Hijacking
EnableViewStateMac
ValidateRequest
Database Perspective
Hidden Fields
E-mails and Spam
Summary
Related Resources

What ASP.NET Developers Should Always Do

If you're reading this article, you probably don't need to be lectured about the growing importance of security in Web applications. You're likely looking for some practical advice on how to implement security in ASP.NET applications. The bad news is that no development platform—including ASP.NET—can guarantee you'll be writing 100-percent secure code once you adopt it; anyone who tells you otherwise is lying. The good news, as far as ASP.NET is concerned, is that ASP.NET, especially version 1.1 and the coming version 2.0, integrates a number of built-in defensive barriers, ready to use.

The application of all these features alone is not sufficient to protect a Web application against all possible and foreseeable attacks. However, combined with other defensive techniques and security strategies, the built-in ASP.NET features form a powerful toolkit to help ensure that applications operate in a secure environment.

Web security is the sum of various factors and the result of a strategy that goes well beyond the boundaries of the individual application to involve database administration, network configuration, and also social engineering and phishing.

The goal of this article is to illustrate what ASP.NET developers should always do in order to keep the security bar reasonably high. That's what security is mostly about—keep the guard up, never feel entirely secure, and make it harder and harder for the bad guys to hack.

Let's see what ASP.NET has to offer to simplify the job.

Where the Threats Come From

In Table 1, I've summarized the most common types of Web attacks and flaws in the application that can make them succeed.

| Attack | Made possible by . . . |
|---|---|
| Cross-site scripting (XSS) | Untrusted user input echoed to the page |
| SQL injection | Concatenation of user input to form SQL commands |
| Session hijacking | Session ID guessing and stolen session ID cookies |
| One-click | Unaware HTTP posts sent via script |
| Hidden field tampering | Unchecked (and trusted) hidden field stuffed with sensitive data |
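
How three rows of Table 1 (XSS, SQL injection, one-click) look in page code-behind, with the flaw as a comment next to the corrected form. This is an added example, not code from the original article; the page class, control names, and the Orders table are hypothetical, and session state is assumed to be enabled and in use.

```csharp
// Added example (not from the original article). OrdersPage, txtCustomer,
// lblGreeting and the Orders table are hypothetical names.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public class OrdersPage : Page
{
    protected TextBox txtCustomer;   // assumed control declared in the .aspx
    protected Label lblGreeting;     // assumed control declared in the .aspx

    // One-click row: tie view state to the current session during Init, so a
    // form prepared under a different session fails view state validation.
    protected override void OnInit(EventArgs e)
    {
        ViewStateUserKey = Session.SessionID;
        base.OnInit(e);
    }

    // XSS row: user input is encoded before it is echoed to the page.
    protected void ShowGreeting()
    {
        // Flaw:  lblGreeting.Text = "Hello, " + txtCustomer.Text;
        lblGreeting.Text = "Hello, " + HttpUtility.HtmlEncode(txtCustomer.Text);
    }

    // SQL injection row: the input travels as a typed, length-bound
    // parameter and never becomes part of the SQL text.
    protected static SqlCommand BuildOrderQuery(SqlConnection conn, string customer)
    {
        // Flaw:  "SELECT ... WHERE Customer = '" + customer + "'"
        SqlCommand cmd = new SqlCommand(
            "SELECT OrderId, Total FROM Orders WHERE Customer = @customer", conn);
        cmd.Parameters.Add("@customer", SqlDbType.NVarChar, 50).Value = customer;
        return cmd;
    }
}
```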

 

 

 

More at:

Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks
http://msdn2.microsoft.com/en-us/library/ms972969.aspx

 

 


Comments

Vijay (India), 5/18/2008 2:27:56 PM
Thanks for this too!






Intro

Faisal Bashir
Consultant / Software Architect
KalSoft Limited
Microsoft Certified Technology Specialist.
Currently in Dubai.

© 2001-2011 Muhammad Faisal