Web security and helpful resources

  • Complacency

    1. Educate yourself.
    2. Assume your applications will be hacked.
    3. Remember that it’s important to protect user data.
  • Cross-Site Scripting (XSS)

    1. HTML-encode all content.
    2. Encode attributes.
    3. Remember JavaScript encoding.
    4. Use AntiXSS if possible.
  • Cross-Site Request Forgery (CSRF)

    1. Token Verification.
    2. Idempotent GETs.
    3. HttpReferrer Validation.
  • Over-Posting

    1. Use the Bind attribute to explicitly whitelist or blacklist fields.
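
An added example (not part of the original post) that applies the CSRF and Over-Posting items above in one ASP.NET MVC controller: an idempotent GET, token verification on the POST, and a Bind whitelist. The UserProfile model, ProfileController and in-memory store are hypothetical, and the code assumes System.Web.Mvc (ASP.NET MVC 3 or later).

```csharp
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical model: IsAdmin must never be settable from a form post.
public class UserProfile
{
    public int Id { get; set; }
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public bool IsAdmin { get; set; }
}

[Authorize] // per-record ownership checks are omitted to keep the focus narrow
public class ProfileController : Controller
{
    // Constructed in-memory store standing in for a database.
    private static readonly Dictionary<int, UserProfile> Store =
        new Dictionary<int, UserProfile>
        {
            { 1, new UserProfile { Id = 1, DisplayName = "alice", Email = "alice@example.test" } }
        };

    // Idempotent GET: renders the form, changes nothing. The Razor view must
    // emit the token inside the form: @Html.AntiForgeryToken()
    [HttpGet]
    public ActionResult Edit(int id)
    {
        UserProfile stored;
        if (!Store.TryGetValue(id, out stored)) return HttpNotFound();
        return View(stored);
    }

    // State change: POST only, token verified, and only the two whitelisted
    // fields are bound, so a posted "IsAdmin=true" never reaches the model.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Edit(int id, [Bind(Include = "DisplayName,Email")] UserProfile posted)
    {
        UserProfile stored;
        if (!Store.TryGetValue(id, out stored)) return HttpNotFound();
        if (!ModelState.IsValid) return View(posted);

        // Copy only the whitelisted values onto the stored record.
        stored.DisplayName = posted.DisplayName;
        stored.Email = posted.Email;
        return RedirectToAction("Edit", new { id });
    }
}
```

The blacklist form of the same attribute is `[Bind(Exclude = "IsAdmin")]`; with it, any property added to the model later is bindable unless it is also excluded.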

ASP.NET MVC gives you the tools you need to keep your website secure, but it’s up to you to apply them wisely. True security is an ongoing effort that requires that you monitor and adapt to an evolving threat. It’s your responsibility, but you’re not alone. Plenty of great resources are available both in the Microsoft web development sphere and in the Internet security world at large.

Below is the list of resources to get you started:

By Ali Adravi On 27 Dec, 12
