What are the security issues in ASP.NET MVC, and does MVC solve XSS and the others?

+1  A: 

The same as any other website. Just like any other language or framework, SQL injection and request forgery are only solved if you implement measures to prevent them. XSS is solved only if you don't need to accept HTML input and disable XSS validation.

Don't get soft thinking MS provided all the answers. It still takes a keen eye for flaws and a rigid application of countermeasures to keep things secure.

jfar
+1  A: 

As jfar says: watch out for SQL injection. :-)

Peter K.
+1  A: 

It helps by allowing you to use some specific pieces, but you still have to use them in appropriate places.

  • Use the new default <%: that HTML-encodes the output
  • Use the anti-forgery request token
  • Use any of the provided data access solutions. At the lowest possible level, use .Parameters to pass parameters
  • Pay attention to every bit of guidance
  • Don't dismiss published security advisories, such as the recent one affecting ASP.NET in general: is-asp-net-mvc-vulnerable-to-the-oracle-padding-attack

You still have to understand & question the security aspects.

eglasius
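
The first three items in the list above, combined in one controller action. This is an added example, not code from any of the answers; the model, controller, table and connection-string names are hypothetical, and it assumes ASP.NET MVC 2 or later on .NET 4 with SQL Server.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Mvc;

// Hypothetical model bound from the posted form.
public class CommentInput
{
    public int PostId { get; set; }
    public string Body { get; set; }
}

public class CommentsController : Controller
{
    // The matching view (Web Forms view engine) would contain:
    //   <% using (Html.BeginForm("Add", "Comments")) { %>
    //     <%: Html.AntiForgeryToken() %>
    //     <%: Html.HiddenFor(m => m.PostId) %>
    //     <%: Html.TextAreaFor(m => m.Body) %>
    //     <input type="submit" value="Post" />
    //   <% } %>
    // and would display stored comments with <%: comment.Body %>,
    // which HTML-encodes the text when it is written to the page.

    [HttpPost]
    [ValidateAntiForgeryToken] // rejects POSTs that lack a valid token pair
    public ActionResult Add(CommentInput input)
    {
        if (input == null || string.IsNullOrWhiteSpace(input.Body))
        {
            ModelState.AddModelError("Body", "A comment body is required.");
            return View(input);
        }

        // "Blog" is a hypothetical connection-string name in web.config.
        string cs = ConfigurationManager.ConnectionStrings["Blog"].ConnectionString;

        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "INSERT INTO Comments (PostId, Body) VALUES (@postId, @body)", conn))
        {
            // Values travel as typed parameters, never as part of the SQL text.
            cmd.Parameters.Add("@postId", SqlDbType.Int).Value = input.PostId;
            cmd.Parameters.Add("@body", SqlDbType.NVarChar, 4000).Value = input.Body;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
        return RedirectToAction("Index");
    }
}
```

The token check only works when the view emits `Html.AntiForgeryToken()` inside the same form, and the `<%:` encoding only protects output written through it; a value written with `<%=` is not encoded.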