I am planning to start a new web site on ASP.NET MVC 2 (3).
Does anybody have a full (if possible) check list of actions or approaches I should go through to avoid most security issues?
- 1Related Guidance for HTTPS-only sites– makerofthings7CommentedOct 1, 2011 at 15:17
- @makerofthings it's useful and good question– garikCommentedOct 1, 2011 at 15:23
Add a comment |
3 Answers
Based on this blog post, I'm using POSTs for all my JSON data. This underscores a few items in the Codevanced checklist pasted here.
answered Feb 6, 2011 at 14:58
- 1That blog post is a great illustration of JSON prototype hijacking. Thank you for the link.– D.W.CommentedSep 5, 2011 at 19:07
Barry Dorans, author of Beginning ASP.NET Security, provides some good material on the subject. I read his book and he covers a lot of ASP.NET MVC specific material.
If you are looking for a check list of application security controls, be sure to also check out the OWASP ASVS project.
- Well, there's a chapter on it, but most of the book is core concepts which cover both webforms and MVC. Thanks for the recommendation :)– blowdartCommentedNov 19, 2010 at 22:47
Here's a video series on how to hack proof your asp.net sites, it is two videos of about 50min where he also includes an introduction to the topic, he also includes examples, I havn't seen all of it yet, but I think it will cover some of your questions, or atleast give you som inspiration.
- 1Hi @psalomonsen, welcome to Information Security! Can you please edit your answer to include a summary, instead of just linking? See the FAQ, and How to Answer.– AviD♦CommentedSep 5, 2011 at 13:17
