O'Reilly logo

Programming ASP.NET MVC 4 by Hrusikesh Panda, Jess Chadwick, Todd Snyder

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9. Security

This chapter discusses the details of how to build secure ASP.NET MVC web applications, including guidance on how to secure web applications; the differences that need to be taken into account when securing Internet, intranet, or extranet applications; as well as how to take advantage of functionality built right into the .NET Framework that can help prevent the common security issues that most web applications face.

Building Secure Web Applications

Benjamin Franklin once said that “an ounce of prevention is worth a pound of cure.” This statement conveys the philosophy that you should embrace when it comes to securing your web applications: the world is a dangerous place and web applications often represent attractive targets for would-be attackers, so you’re going to want to be prepared.

Unfortunately, there are no silver bullets when it comes to web application security. It isn’t as simple as including a library or making a method call. Security is something that needs to be baked into an application right from the start and not an afterthought that is tacked on at the last minute.

There are, however, a few security principles that we will explain over the next few sections that can have a great impact on creating more secure ASP.NET MVC web applications. If you keep these principles in mind as you design and implement your web applications, you have a much greater chance of avoiding some of the more common and serious security mistakes.

Defense in Depth

Just because ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required