General ASP.NET Application Security Considerations

A very secure ASP.NET application has to be written at my work, and instead of wading through the Internet in search of best practices, I was wondering what the considerations are and what to do in general to ensure the public web application is safe.

Of course, we took into account the user/password combinations, but there should be a much deeper level than this. I am talking about every level and layer of the application, i.e.:

  • Using URL Rewriting
  • Masterpages
  • Sitemaps
  • Connection pool
  • Session Data
  • Password Encryption
  • Using stored procedures instead of direct SQL statements

I am making this a community wiki, as there would not be a single correct answer, since this is such an extensive topic of discussion. I will also point out that this is not my strength, and the previous security lock was achieved through non-state applications.

+3
3 answers

This is more than I think you understand. The best advice is to get someone who already knows this to advise you. Otherwise, I would start by reading the Microsoft document, "Improving the Security of Web Applications: Threats and Countermeasures," but be warned that it runs to 919 printed pages.

+2

" " . . , pesky ';'...

+2

  • Use forms authentication instead of storing authentication data in a session.
  • Obviously: Hash passwords. If you want to be very careful, use SHA1 encryption instead of md5.
+1

Source: https://habr.com/ru/post/1704661/