Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation

ASP.NET Pages and Controls

Use the review questions in this section to review your ASP.NET pages and controls. For more information about the issues raised in this section, see Chapter 10.

  • Do you disable detailed error messages?

  • Do you disable tracing?

  • Do you validate form field input?

  • Are you vulnerable to XSS attacks?

  • Do you validate query string and cookie input?

  • Do you rely on HTTP headers for security?

  • Do you secure view state?

  • Do you prevent XSS?

  • Are your global.asax event handlers secure?

  • Do you provide adequate authorization?

Do You Disable Detailed Error Messages?

If you let an exception propagate beyond the application boundary, ASP.NET can return detailed information to the caller. This includes full stack traces and other information that is useful ...
