Beginning ASP.NET Security

  • 6h 41m
  • Barry Dorrans
  • John Wiley & Sons (US)
  • 2010

A practical guide to securing ASP.NET sites

Beginning ASP.NET Security is for novice to intermediate ASP.NET programmers and provides a step-by-step solution to securing each area of ASP.NET development. Rather than approaching security from a theoretical direction, MVP Barry Dorrans shows you examples of how everyday code can be attacked, and describes the steps necessary for defense. Inside, you'll learn how you can defend your ASP.NET applications using the .NET Framework, industry patterns and best practices, and code libraries and resources provided by Microsoft and others.

Beginning ASP.NET Security:

  • Explores issues with user input including validation, cross-site scripting (XSS) and cross-site request forgery (CSRF)
  • Teaches how to securely access your database and defend against SQL injection attacks
  • Shares techniques for keeping secrets, including encryption, hashing and preventing information leaks
  • Examines methods for authenticating and authorizing users, including ASP.NET membership providers and preventing cookie theft
  • Shares tips for securing your web server, including how ASP.NET uses trust levels and locking down IIS
  • Unveils ways to securely use WCF web services
  • Presents security with the Microsoft ASP.NET Ajax framework and Silverlight
  • Includes an overview of security with the Microsoft MVC framework

About the Author

Barry Dorrans is a consultant, speaker and Microsoft MVP in the "Visual Tools – Security" category. His approach to development and writing blends humor with the paranoia suitable for considering security.

In this Book

  • Introduction
  • Why Web Security Matters
  • How the Web Works
  • Safely Accepting User Input
  • Using Query Strings, Form Fields, Events, and Browser Information
  • Controlling Information
  • Keeping Secrets Secret—Hashing and Encryption
  • Adding Usernames and Passwords
  • Securely Accessing Databases
  • Using the File System
  • Securing XML
  • Sharing Data with Windows Communication Foundation
  • Securing Rich Internet Applications
  • Understanding Code Access Security
  • Securing Internet Information Server (IIS)
  • Third-Party Authentication
  • Secure Development with the ASP.NET MVC Framework