Pen Testing Your MVC Application

Here are some well-known security methods for an MVC application:

  • Encode output
  • SQL parameterization
  • Check your search back and forth
  • One-way hash passwords
  • Lock accounts or restrict login attempts
  • Use code-based impersonation when accessing the file system
  • Access SQL with a locked-down user account
  • Use honey-pots or captchas on form submissions to combat bots

If anything is missing or wrong, please feel free to.

What other methods / best practices do you use or think about when pen testing your own software? What do you do to "kick the tires" before putting an application live?


+3
3
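The list above names techniques without showing them. As an added example, not code from the original question or from any of the answers, the following self-contained C# console program demonstrates four of them with standard .NET APIs: output encoding, parameterized SQL, salted one-way password hashing with PBKDF2, and a failed-login lockout. The Users table, the lockout thresholds, the sample account and the in-memory attempt tracker are assumptions for the demo; the SQL command is built but never executed.

```csharp
// Added example, not from the original post. Demonstrates output encoding,
// parameterized SQL, salted PBKDF2 password hashing and a login-attempt lockout.
// Table name, thresholds and the sample account are assumptions for the demo.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Net;
using System.Security.Cryptography;

public static class MvcHardening
{
    // 1. Encode output: anything echoed into HTML goes through an encoder,
    //    so a stored "<script>" is rendered as inert text.
    public static string EncodeForHtml(string untrusted)
    {
        return WebUtility.HtmlEncode(untrusted);
    }

    // 2. SQL parameterization: the user value travels as a typed parameter,
    //    never as part of the SQL text, so "' OR 1=1 --" is just a string.
    public static SqlCommand BuildUserLookup(string email)
    {
        var cmd = new SqlCommand("SELECT Id, PasswordHash, Salt FROM Users WHERE Email = @email");
        cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
        return cmd; // the caller attaches a connection and executes it
    }

    // 3. One-way hash passwords: PBKDF2 (RFC 2898, HMAC-SHA1 in this class) with a
    //    random per-user salt. The iteration count is a demo value; tune it to your hardware.
    private const int Iterations = 100000;

    public static void HashPassword(string password, out byte[] salt, out byte[] hash)
    {
        salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations)) hash = kdf.GetBytes(32);
    }

    public static bool VerifyPassword(string password, byte[] salt, byte[] expectedHash)
    {
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations)) actual = kdf.GetBytes(expectedHash.Length);
        // Compare every byte regardless of where the first mismatch is, so the
        // response time does not leak how much of the hash matched.
        int diff = 0;
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expectedHash[i];
        return diff == 0;
    }

    // 4. Restrict login attempts: after MaxFailures the account is locked for
    //    Lockout, and a locked account is refused even with the right password.
    private const int MaxFailures = 5;
    private static readonly TimeSpan Lockout = TimeSpan.FromMinutes(15);
    private sealed class Attempts { public int Failures; public DateTime LockedUntil; }
    private static readonly Dictionary<string, Attempts> Tracker = new Dictionary<string, Attempts>();

    // salt/hash are the values stored for this account (passed in to keep the demo offline)
    public static bool TryLogin(string email, string password, byte[] salt, byte[] hash, DateTime now)
    {
        Attempts a;
        if (!Tracker.TryGetValue(email, out a)) Tracker[email] = a = new Attempts();
        if (now < a.LockedUntil) return false;                   // locked: do not even check the hash
        if (VerifyPassword(password, salt, hash)) { a.Failures = 0; return true; }
        if (++a.Failures >= MaxFailures) { a.Failures = 0; a.LockedUntil = now + Lockout; }
        return false;
    }

    public static void Main()
    {
        Console.WriteLine(EncodeForHtml("<script>alert(1)</script>"));

        var cmd = BuildUserLookup("' OR 1=1 --");
        Console.WriteLine(cmd.CommandText + "  [@email = " + cmd.Parameters["@email"].Value + "]");

        byte[] salt, hash;
        HashPassword("correct horse battery staple", out salt, out hash);
        Console.WriteLine(VerifyPassword("correct horse battery staple", salt, hash));
        Console.WriteLine(VerifyPassword("Correct horse battery staple", salt, hash));

        // Constructed scenario: five wrong guesses, then the right password while locked,
        // then the right password once the lockout window has passed.
        var t = new DateTime(2020, 1, 1, 12, 0, 0);
        for (int i = 0; i < MaxFailures; i++) TryLogin("alice@example.com", "wrong", salt, hash, t);
        Console.WriteLine(TryLogin("alice@example.com", "correct horse battery staple", salt, hash, t));
        Console.WriteLine(TryLogin("alice@example.com", "correct horse battery staple", salt, hash, t + Lockout));
    }
}
```

The lockout check runs before the hash is verified, so a locked account does not cost a PBKDF2 computation per guess and the correct password is refused until the window expires. In a real application the tracker would live in the database or a cache shared across web servers, not in a static dictionary.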


// Whitelist the properties that may be bound from the request (protects against over-posting)
string[] allowedProperties = new[] { "Title", "Description" };
UpdateModel(myObject, allowedProperties);

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Create([Bind(Include = "Title,Description")] MyObject model)
{
    // Only Title and Description are bound from the posted form; any other
    // property the client sends (e.g. an IsAdmin flag) is ignored.
    return View(model);
}


+4
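To make the point of the Bind/UpdateModel answer above concrete, here is an added C# example (not from the answer and not ASP.NET MVC's own binder) with a toy binder that copies posted form fields onto a model by reflection, the way a default binder does, run once without and once with a whitelist. The Article class, its IsPublished flag and the posted form are constructed for the demo.

```csharp
// Added example, not from the original post. A toy model binder that shows why
// over-posting happens and how an Include whitelist stops it. Article, IsPublished
// and the posted form below are constructed for the demo.
using System;
using System.Collections.Generic;
using System.Reflection;

public class Article
{
    public string Title { get; set; }
    public string Description { get; set; }
    public bool IsPublished { get; set; }   // meant to be set only by an editor, never from the form
}

public static class OverPostingDemo
{
    // Stand-in for a default model binder: copies every posted field whose name
    // matches a public settable property. With a whitelist, only listed names are copied.
    public static void Bind(object target, IDictionary<string, string> form, IEnumerable<string> include)
    {
        var allowed = include == null ? null : new HashSet<string>(include, StringComparer.OrdinalIgnoreCase);
        foreach (var prop in target.GetType().GetProperties(BindingFlags.Public | BindingFlags.Instance))
        {
            string raw;
            if (!prop.CanWrite || !form.TryGetValue(prop.Name, out raw)) continue;
            if (allowed != null && !allowed.Contains(prop.Name)) continue;   // whitelist in effect
            prop.SetValue(target, Convert.ChangeType(raw, prop.PropertyType), null);
        }
    }

    public static void Main()
    {
        // Constructed request: the attacker adds a field the form never rendered.
        var posted = new Dictionary<string, string>
        {
            { "Title", "Hello" },
            { "Description", "First post" },
            { "IsPublished", "true" }
        };

        var unguarded = new Article();
        Bind(unguarded, posted, null);
        Console.WriteLine("no whitelist : IsPublished = " + unguarded.IsPublished);

        var guarded = new Article();
        Bind(guarded, posted, new[] { "Title", "Description" });
        Console.WriteLine("Bind(Include): IsPublished = " + guarded.IsPublished);
    }
}
```

The first run sets IsPublished because the property exists and is writable; the second leaves it at its default because the name is not in the whitelist. A separate view model that simply has no IsPublished property achieves the same result without relying on a string list that can drift out of sync with the entity.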

, . , md4 , , . sha256 - . ( , , )

, . . , .

OWASP Top 10 - - , . , XSRF , . "", . , , , ? Scarlet PHP.

+3

All your suggestions apply to any web application, not just MVC applications.

Specific MVC suggestions will be similar to "skinny controllers, fat models."

+1

Source: https://habr.com/ru/post/1730159/

