Chapter 18. Best Practices for Securing ASP.NET Web Applications

Having reached the last chapter of this book, you are now familiar with the features and modules ASP.NET provides to help build secure web applications. All of these are out-of-the-box features that ASP.NET supplies to make the developer's life easier. However, much more has to be done to secure an ASP.NET web application in its interaction with client users. This chapter introduces best practices for securing an ASP.NET web application, presented as a list that you can follow and apply in your own applications. Each recommended practice is explained in detail, with sample code where possible.

In addition, the discussion introduces the vulnerabilities exposed when AJAX techniques are added to an application to provide a smooth and interactive user experience, and the best practices for securing such applications.

In this chapter, you will learn how to apply the following practices to secure your ASP.NET web application:

  • How to trust your users.

  • How to run applications with least privileges.

  • How to validate user input properly.

  • How to properly secure an HttpCookie.

  • How to secure database access.

  • How to handle SQL injection attacks.

  • How to handle cross-site scripting attacks.

  • How to handle cross-site request forgery attacks.

  • How to handle application/page exceptions properly.

  • How to guard against denial-of-service attacks.

  • How to secure data ...
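Several of the practices listed above, as an added example in C# that is not code from the book: an ASP.NET 3.5 Web Forms code-behind that validates input against a whitelist pattern, runs a parameterized query instead of concatenating SQL, HTML-encodes output before it reaches the response, hardens a cookie with HttpOnly and Secure, ties view state to the session with ViewStateUserKey as a CSRF mitigation, and keeps exception details out of the page. The page class, the controls EmailBox and ResultLabel, the Users table, the AppDb connection string and Error.aspx are all hypothetical names chosen for the example.

```csharp
// Added example (not from the book). Assumes an ASP.NET 3.5 Web Forms page with a
// TextBox named EmailBox, a Label named ResultLabel, a Users table with Email and
// DisplayName columns, a connection string named "AppDb" and an Error.aspx page.
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class LookupPage : Page
{
    // CSRF: ViewStateUserKey folds the session ID into the view state MAC, so a
    // form POSTed from another origin cannot carry a valid view state for this user.
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        ViewStateUserKey = Session.SessionID;
    }

    protected void Lookup_Click(object sender, EventArgs e)
    {
        // Input validation: accept only the shape we expect, and bound the length,
        // before the value is used anywhere.
        string email = (EmailBox.Text ?? string.Empty).Trim();
        if (email.Length == 0 || email.Length > 254 ||
            !Regex.IsMatch(email, @"^[^@\s]+@[^@\s]+\.[^@\s]+$"))
        {
            ResultLabel.Text = "Please enter a valid e-mail address.";
            return;
        }

        // SQL injection: the user value travels as a typed parameter, never as SQL text.
        string connStr = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        string displayName;
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT DisplayName FROM Users WHERE Email = @Email", conn))
        {
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 254).Value = email;
            conn.Open();
            displayName = cmd.ExecuteScalar() as string;
        }

        // XSS: anything that originated from a user (even via the database) is
        // HTML-encoded before it is written into the page.
        ResultLabel.Text = displayName == null
            ? "No such user."
            : "Hello, " + HttpUtility.HtmlEncode(displayName);

        // Cookies: HttpOnly keeps the value away from script; Secure keeps it off
        // plain HTTP (the site must be served over HTTPS for the cookie to be sent).
        HttpCookie lastLookup = new HttpCookie("lastLookup", HttpUtility.UrlEncode(email));
        lastLookup.HttpOnly = true;
        lastLookup.Secure = true;
        lastLookup.Expires = DateTime.UtcNow.AddDays(7);
        Response.Cookies.Add(lastLookup);
    }

    // Exception handling: log the full detail server-side, then show the user a
    // generic page rather than a stack trace or connection string.
    protected override void OnError(EventArgs e)
    {
        Exception ex = Server.GetLastError();
        System.Diagnostics.Trace.TraceError(ex.ToString());
        Server.ClearError();
        Response.Redirect("~/Error.aspx", false);
    }
}
```

The page-level OnError handler is a local safety net; the same generic-error behaviour should also be configured globally through customErrors in web.config so that pages without a handler do not leak details either.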

From Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB (O'Reilly).