I would like to secure an ASP.NET web application against hacking. Is there a list of ASP.NET-specific tasks, specifically coding-wise, to make an ASP.NET application more secure, beyond what is mentioned on MSDN? I am interested in specific steps with code examples on ways to avoid cross-site request forgeries & cross-site scripting.

I know about using SQL parameters against SQL injection, Windows authentication when connecting to SQL Server, and validating form input on the server.

+3  A: 

From Microsoft:
http://msdn.microsoft.com/en-us/library/ms998249.aspx

A more detailed checklist:
http://technotes.towardsjob.com/dotnet/asp-net-developers-checklist-security-checklist/

apocalypse9
http://msdn.microsoft.com/en-us/library/aa973813.aspx is another good resource for XSS protection. The library provides a higher level of protection than the default encoder functionality.
apocalypse9
A: 

The OWASP (Open Web Application Security Project) has a convenient list of the top 10 Web Application vulnerabilities: http://www.owasp.org/index.php/Top%5F10%5F2007

Here is a Microsoft Anti-Cross Site Scripting Library 1.5 tutorial: http://msdn.microsoft.com/en-us/library/aa973813.aspx

Here's a very informative, although not very well-known, security resource: the ASP.NET 2.0 Internet Secure Reference Implementation, basically Patterns & Practices: http://code.msdn.microsoft.com/ASPNETv2RefImp

Last but not least, here's a video on the Architecture Behind CAT.NET: http://channel9.msdn.com/posts/Jossie/Architecture-behind-CATNET/

Download the latest build of the CAT.NET tool here (32 and 64 bit): http://bit.ly/164BlV

IrishChieftain
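An added example, not code from the question or either answer, of the two coding-level mitigations the question asks about: the ViewStateUserKey CSRF mitigation and context-specific output encoding with the AntiXSS library that both answers link to. It assumes a Web Forms page with a reference to the AntiXSS 1.5 assembly (the Microsoft.Security.Application.AntiXss class); the control names are made up.

```csharp
// Added example (not code from the question or answers). Web Forms
// code-behind showing the ViewStateUserKey CSRF mitigation and
// context-specific output encoding with the AntiXSS 1.5 library.
// Assumes a reference to the AntiXSS assembly; the control names
// (AuthorLiteral, ProfileLiteral) are made up for the example.
using System;
using System.Web.UI;
using Microsoft.Security.Application;

public partial class CommentPage : Page
{
    // CSRF: ViewStateUserKey must be set in Init, before view state is
    // loaded. It mixes the session ID into the view-state MAC, so a
    // POST forged by another site fails view-state validation because
    // the attacker never sees the victim's session ID. Needs the
    // view-state MAC enabled (the default) and an established session:
    // ASP.NET issues a fresh SessionID on every request until something
    // is stored in Session, so store a value at login.
    protected void Page_Init(object sender, EventArgs e)
    {
        ViewStateUserKey = Session.SessionID;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // Untrusted input: treat query string, form and database values alike.
        string author = Request.QueryString["author"] ?? string.Empty;

        // HTML body context. AntiXss.HtmlEncode works from a whitelist of
        // safe characters and encodes everything else, whereas
        // HttpUtility.HtmlEncode only rewrites a few characters (<, >, &, ").
        AuthorLiteral.Text = AntiXss.HtmlEncode(author);

        // HTML attribute context: a different encoder, because the
        // delimiters that matter inside an attribute are different.
        ProfileLiteral.Text = "<a href=\"/profile\" title=\""
            + AntiXss.HtmlAttributeEncode(author) + "\">profile</a>";
    }
}
```

The encoding is applied at the point of output, once per context, rather than on input, so the same stored value can be rendered safely in more than one place.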