What are some of the best reference materials for secure coding in the ASP.NET and classic ASP environments? I'm sure there are a ton of books out there, but which ones are the best for this? If anyone has pointers to online resources also, that would be appreciated.

+1  A: 

I recommend that Writing Secure Code (Microsoft Press) be on the list.

Shane O'Grady

For ASP.NET, don't forget Mr Security himself, Dominick Baier and his excellent book Developing More-Secure Microsoft® ASP.NET 2.0 Applications. I'd also recommend Stefan Schackow's Professional ASP.NET 2.0 Security, Membership, and Role Management, worth it just for the first five chapters. And finally, the other Mr Security, Keith Brown's The .NET Developer's Guide to Windows Security.

All of the above books are more practical and take an 'applied' approach rather than being about generic best practice.


I found the Security Checklist: ASP.NET 2.0 article on MSDN very useful for the ASP.NET projects I worked on. It's a quick and practical way of getting some security practices into your application.

Denis Connolly