Security Recap and Helpful Resources
Table 7.1 recaps the threats and solutions to some common web security issues.
Table 7.1: ASP.NET Security
| Threat | Solutions |
| Complacency | Educate yourself. Assume your applications will be hacked. Remember that it's important to protect user data. |
| Cross-Site Scripting (XSS) | HTML-encode all content. Encode attributes. Remember JavaScript encoding. Use AntiXSS if possible. |
| Cross-Site Request Forgery (CSRF) | Token Verification. Idempotent GETs. HttpReferrer Validation. |
| Over-Posting | Use the Bind attribute to explicitly whitelist or blacklist fields. |
ASP.NET MVC gives you the tools you need to keep your website secure, but it's up to you to apply them wisely. True security is an ongoing effort that requires that you monitor and adapt to an evolving threat. It's your responsibility, but you're not alone. Plenty of great resources are available both in the Microsoft web development sphere and in the Internet security world at large. Table 7.2 shows a list of resources to get you started.
Table 7.2: Security Resources
| Resource | Url |
| Microsoft Security Developer Center | http://msdn.microsoft.com/en-us/security/ default.aspx |
| Book: Beginnning ASP.NET Security (Barry Dorrans) | http://www.wrox.com/WileyCDA/WroxTitle/Beginning-ASP-NET-Security.productCd-0470743654.html |
| Microsoft Code Analysis Tool .NET (CAT.NET) | http://www.microsoft.com/downloads/details .aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en |
| AntiXSS | http://antixss.codeplex.com/ ... |
Get Professional ASP.NET MVC 3 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
