Webarticles
Home | Submit | Search | RSS

Welcome Guest

Search:

Main Menu
Sponsors

wycena nieruchomoƛci warszawa
remonty warszawa
materace janpol
Categories
Tag Cloud
heart diamond earrings Web Design Design Online T-Shirt Screen Printing Design custom t-shirts custom Screen printing contract screen printing Affiliate marketing Male Enhancement 7/24 link directory forum posting cheap forum posting service Film video production
  • 4 users online.
Webarticles » Internet » Microsoft .NET Framework Secure Coding Guidelines

Microsoft .NET Framework Secure Coding Guidelines

View PDF | Print View
by: analogik
Total views: 2
Word Count: 312
Date: Mon, 1 Mar 2010 Time: 12:07 AM
0 comments

A report published by SANS in September 2009 entitled "The Top Cyber Security Risks" found that web application attacks constituted more than 60% of the total attacks observed on the Internet. SQL injection, cross-site scripting (XSS) and file inclusion were the three most popular techniques used in successful attacks. All three are the direct result of lax data validation and insecure code.

The easiest and most effective way to implement data validation on forms within your web application is to use the validator controls provided by the .NET Framework. Validator controls provide validation of the form data sent in a POST request on the server-side and the entered data on the client-side using JavaScript.

There are six controls included within the framework: RequireFieldValidator, CompareValidator, RangeValidator, RegularExpressionValidator, and CustomValidator.

Parameterised SQL queries are a secure alternative to concatenating chunks of SQL syntax with user input and prevent SQL injections. Placeholders are used to represent where user input will be substituted into a query, and the user input is validated before substitution occurs. Using parameterised queries also offers some performance benefit, as strings are no longer being concatenated, which can be computationally intensive.

The Microsoft Anti-XSS Library is an encoding library designed to help developers protect against cross-site scripting attacks. It provides a white-listing approach that defines a set of valid or allowable characters and encodes anything outside that set.

Request validation is a feature enabled by default on the .NET Framework that identifies suspicious strings of user input and halts the execution of a page by throwing an exception. It will not, however, prevent all possible attacks and must not be relied upon.

It is important to have defence in depth, as it is possible that one or more aspects of your information security may be circumvented or broken at any time.

About the Author

Sense of Security is Australia's premier provider of a range of information security and risk management solutions. Our focused offering includes penetration testing services and secure application development training to safeguard your organisation's network presence.

Rating: Not yet rated

Powered by ArticleMS from ArticleTrader 0.06s