Summary

In this chapter, you’ve learned about a number of attacks and how they can be inflicted upon a Visual Basic .NET application. For example, you’ve learned that a user name, if unchecked for length and content, could lead to an SQL or HTML script-injection attack, depending on whether you use the user name as part of an SQL query or HTML string.

Taking straightforward measures, such as validating the content of a string to ensure it doesn’t contain unexpected characters, can go a long way to preventing an attack. In addition, data needs to be checked at the point in your code where it can be used to do damage. For example, the most critical place to check the input to an SQL string is immediately before the SQL statement is executed. If the ...
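The check at the point of use described above, as an added example that is not code from the book: the user name is validated for length and content inside the routine that builds the SQL statement, so no caller can skip it. The `Users` table, the 20-character limit, the allowed character set and the use of a bound parameter are assumptions made for illustration.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Text.RegularExpressions

Module UserNameChecks
    ' Assumed policy: 1 to 20 characters, letters, digits and underscore only.
    ' \A and \z anchor the whole string; "$" would also accept a trailing newline.
    Private ReadOnly AllowedUserName As New Regex("\A[A-Za-z0-9_]{1,20}\z")

    Function IsValidUserName(ByVal userName As String) As Boolean
        Return userName IsNot Nothing AndAlso AllowedUserName.IsMatch(userName)
    End Function

    ' Validation lives in the routine that builds the statement, immediately
    ' before the value reaches SQL. Table and column names are hypothetical.
    Function BuildLookupCommand(ByVal userName As String) As SqlCommand
        If Not IsValidUserName(userName) Then
            Throw New ArgumentException( _
                "User name has an unexpected length or unexpected characters.", "userName")
        End If

        ' The value is bound as a parameter rather than concatenated into the text.
        Dim cmd As New SqlCommand("SELECT UserId FROM Users WHERE UserName = @userName")
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 20).Value = userName
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample inputs: one valid name, then SQL metacharacters,
        ' HTML markup, an over-long value and a trailing line feed.
        Dim samples() As String = {"alice_01", "bob' OR '1'='1", _
            "<script>alert(1)</script>", New String("a"c, 64), "carol" & vbLf}

        For Each s As String In samples
            Try
                Dim cmd As SqlCommand = BuildLookupCommand(s)
                Console.WriteLine("accepted: " & cmd.Parameters("@userName").Value.ToString())
            Catch ex As ArgumentException
                Console.WriteLine("rejected input of length " & s.Length.ToString())
            End Try
        Next
    End Sub
End Module
```

Only `alice_01` is accepted; the other four samples are rejected before any command object is created, and no database connection is needed to run the module.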
