Developing More-Secure Microsoft® ASP.NET 2.0 Applications by Dominick Baier


Get hands-on, expert guidance for building more secure web applications with ASP.NET 2.0. This reference offers best practices and practical guidance, with code samples in C#, to help you build applications that are more resistant to vulnerabilities.


Best .net books

A First Look at ASP.NET v. 2.0

"This book offers a first look at the new major release of ASP.NET. The authors have worked closely with the ASP.NET team at Microsoft to make sure that this book is authoritative, accurate, and informative. Anyone using ASP.NET will find a wealth of useful information on the next version." -Scott Guthrie, Product Unit Manager, Web Platforms and Tools Team, Microsoft Corporation. A First Look at ASP.

Designing Scalable .NET Applications

This text describes the architecture of a scalable .NET application using Microsoft technologies, giving an overview of scalability design that is suitable for IT architects, system designers, and developers.

Advanced .NET Programming

Advanced .NET Programming is the ideal next step for developers who have learned a .NET language and the basic workings of the Common Language Runtime, and who now want to move to the next level. Although we look in some detail at the workings of the CLR, the focus throughout the book is on the practical information you need to know to write applications that really get the most out of .

Microsoft SharePoint: Building Office 2003 Solutions

This special second edition is Scot Hillier's follow-up to his market-leading SharePoint book. The new edition includes extensive updates to the previous edition, with emphasis on Visual Studio Tools for Office 2005 and new techniques for using SharePoint to improve business efficiency. Also featured are new workflow solutions for SharePoint and BizTalk, and a new chapter on building a SharePoint solution from start to finish.

Extra resources for Developing More-Secure Microsoft® ASP.NET 2.0 Applications

Sample text

Aspx. The behavior of Parse is that it throws an exception if the parsing doesn't succeed. Text); } catch { // Signal somehow that conversion failed. } // more validation } Wrapping every conversion into a try/catch block makes your code quite cumbersome, and throwing an exception is a really expensive operation in the CLR. 0 introduces a new method called TryParse, which simply returns a Boolean that indicates whether the conversion succeeded, and if it did, the converted value is placed in an out parameter.

In such cases, you at least want to make sure that this input cannot hurt your application and your users when you have to render it back to a browser. Output encoding is the process of transforming input data into an output format that contains no or only selectively allowed special characters. This is commonly used to mitigate HTML injection problems. Consider a simple guestbook as an example, such as the one in Figure 3-2. You want users to leave a comment and also allow them to do basic formatting such as using bold and italic type.

You could add an additional deployment step in which you take the fingerprint of all files and store it somewhere safe. Afterward, you could periodically rescan your application files, recompute those fingerprints, and compare them to the stored ones. Changes in a fingerprint would mean that the file was changed and that the change was not part of an update or deployment, which could be an indicator of a potential server compromise. See the section titled "Hashing Data" in Chapter 4 for more information on how to create such fingerprints for files.
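The fingerprint-and-rescan step described above, as an added example that is not code from the book: it records a baseline at deployment and reports changed, missing, and new files on a later scan. The class and method names are hypothetical, and SHA-256 is an assumed choice of hash, since the "Hashing Data" section is not part of this excerpt.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;

static class FileFingerprints
{
    // Hash every file under root; keys are paths relative to root.
    public static Dictionary<string, string> Scan(string root)
    {
        Dictionary<string, string> prints = new Dictionary<string, string>();
        using (SHA256 sha = SHA256.Create())
        foreach (string path in Directory.GetFiles(root, "*", SearchOption.AllDirectories))
        using (FileStream fs = File.OpenRead(path))
        {
            string rel = path.Substring(root.Length).TrimStart(Path.DirectorySeparatorChar);
            prints[rel] = BitConverter.ToString(sha.ComputeHash(fs));
        }
        return prints;
    }

    // Compare a rescan with the stored baseline: changed, missing and new files.
    public static List<string> Compare(Dictionary<string, string> baseline, Dictionary<string, string> current)
    {
        List<string> findings = new List<string>();
        foreach (KeyValuePair<string, string> entry in baseline)
        {
            string now;
            if (!current.TryGetValue(entry.Key, out now)) findings.Add("MISSING " + entry.Key);
            else if (now != entry.Value) findings.Add("CHANGED " + entry.Key);
        }
        foreach (string name in current.Keys)
            if (!baseline.ContainsKey(name)) findings.Add("NEW     " + name);
        return findings;
    }

    static void Main()
    {
        // Constructed sample: a temporary directory stands in for the application root.
        string root = Path.Combine(Path.GetTempPath(), "fp-demo-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(root);
        File.WriteAllText(Path.Combine(root, "Default.aspx"), "<%@ Page Language=\"C#\" %>");
        File.WriteAllText(Path.Combine(root, "Web.config"), "<configuration />");
        Dictionary<string, string> baseline = Scan(root); // taken at deployment; store it somewhere safe
        File.AppendAllText(Path.Combine(root, "Default.aspx"), "<!-- edited outside a deployment -->");
        File.WriteAllText(Path.Combine(root, "extra.aspx"), "file that was never deployed");
        foreach (string f in Compare(baseline, Scan(root))) Console.WriteLine(f);
        Directory.Delete(root, true);
    }
}
```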
