# Beginning ASP.NET Security | Beginners To Pro

INTRODUCTION

Over the past several years, I've been regularly presenting on security in .NET at conferences and user groups. One of the joys of these presentations is that you know when you've taught
someone something new. At some point during the presentation, you can see one or two members of
the audience starting to look very worried. Security is a difficult topic to discuss. Often, developers
know they must take security into account during their development life cycle, but do not know
what they must look for, and can be too timid to ask about the potential threats and attacks that
their applications could be subjected to.

This book provides a practical introduction to developing securely for ASP.NET. Rather than
approaching security from a theoretical direction, this book shows you examples of how everyday
code can be attacked, and then takes you through the steps you must follow to fix the problems.
This book is different from most others in the Wrox Beginning series. You will not be
building an application, but rather, each chapter is based upon a task a Web site may need to
perform — accepting input, accessing databases, keeping secrets, and so on. This approach means
that most chapters can be read in isolation as you encounter the need to support these tasks during
your application development. Instead of exercises, many chapters will end with a checklist for the
particular task covered in the chapter discussions, which you can use during your development as a
reminder, and as a task list to ensure that you have considered and addressed each potential flaw or
vulnerability.

When you decide to test your applications for vulnerabilities, be sure that you run any tests against
a development installation of your site. If you have a central development server, then ensure that
you inform whoever manages the server that you will be performing security testing. Never run
any tests against a live installation of your application, or against a Web site that is not under your
control.

Be aware that your country may have specific laws regarding encryption. Using some of the methods
outlined in this book may be restricted, or even illegal, depending on where you live.

WHO THIS BOOK IS FOR

This book is for developers who already have a solid understanding of ASP.NET, but who need
to know about the potential issues and common security vulnerabilities that ASP.NET can have.
The book does not teach you how to construct and develop an ASP.NET Web site, but instead will
expand upon your existing knowledge, and provide you with the understanding and tools to secure

• INTRODUCTION
• CHAPTER 1 Why Web Security Matters
• PART I THE ASP.NET SECURITY BASICS
• CHAPTER 2 How the Web Works
• CHAPTER 3 Safely Accepting User Input
• CHAPTER 4 Using Query Strings, Form Fields, Events, and Browser Information
• CHAPTER 5 Controlling Information
• CHAPTER 6 Keeping Secrets Secret — Hashing and Encryption
• PART II SECURING COMMON ASP.NET TASKS
• CHAPTER 7 Adding Usernames and Passwords
• CHAPTER 8 Securely Accessing Databases
• CHAPTER 9 Using the File System
• CHAPTER 10 Securing XML
• PART III ADVANCED ASP.NET SCENARIOS
• CHAPTER 11 Sharing Data with Windows Communication Foundation
• CHAPTER 12 Securing Rich Internet Applications
• CHAPTER 13 Understanding Code Access Security
• CHAPTER 14 Securing Internet Information Server (IIS)
• CHAPTER 15 Third-Party Authentication
• CHAPTER 16 Secure Development with the ASP.NET MVC Framework
• INDEX
