What are other ASP.NET security best practices?
Those identified so far are listed here:
Always generate new encryption keys and admin passwords whenever you are moving an application to production.
Never store passwords directly or in encrypted form. Always store one-way hashed passwords.
Always store connection strings in the <connectionStrings> section of Web.config and encrypt that configuration section by using protected configuration providers (RSA or DPAPI). See example here
Use a user ID with least privilege to connect to SQL Server or the database you are using. E.g., if you are only executing stored procedures from a certain module of the application, then you must create a user ID which has execute permission only.
Use PrincipalPermission if you want to use role-based security on pages.
    using System.Security.Permissions;

    // Demands the "Admin" role before any code on this page runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    public class AdminOnlyPage : BasePageClass
    {
        // ...
    }
Always use parameters to prevent SQL Injection in the SQL queries.
Always keep customErrors switched on in Web.config to keep your errors/exceptions private.
<customErrors mode="On" defaultRedirect="MyErrorPage.htm" />
In web applications, always validate the user's inputs for HTML tags or any scripts.
Never store sensitive information, like passwords, in cookies.
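As an added example (not code from the original answer), the following C# class shows two of the items above together: one-way salted password hashing with PBKDF2 and a parameterised lookup that never concatenates user input into the SQL text. The table and column names (Users, UserName, Salt, PasswordHash), the iteration count and the sizes are assumptions for the illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

// Added example, not from the original answer. Table/column names and
// parameters below are assumed for the illustration.
public static class PasswordStore
{
    private const int SaltSize = 16;        // 128-bit random salt per user
    private const int HashSize = 32;        // 256-bit derived key
    private const int Iterations = 100000;  // PBKDF2 work factor; raise it as hardware gets faster

    // Produces the salt and hash to store; the clear-text password is never written anywhere.
    public static void HashPassword(string password, out byte[] salt, out byte[] hash)
    {
        salt = new byte[SaltSize];
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            hash = kdf.GetBytes(HashSize);
    }

    // Recomputes the hash with the stored salt and compares every byte regardless of
    // where the first mismatch is, so timing does not reveal how much of the hash matched.
    public static bool VerifyPassword(string password, byte[] salt, byte[] storedHash)
    {
        byte[] candidate;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            candidate = kdf.GetBytes(HashSize);

        int diff = candidate.Length ^ storedHash.Length;
        for (int i = 0; i < candidate.Length && i < storedHash.Length; i++)
            diff |= candidate[i] ^ storedHash[i];
        return diff == 0;
    }

    // Loads the stored salt and hash for a user name. The user name is bound as a
    // typed parameter, so it is data to the database engine, never part of the query text.
    public static bool TryLoadCredentials(string connectionString, string userName,
                                          out byte[] salt, out byte[] hash)
    {
        salt = null;
        hash = null;
        const string sql = "SELECT Salt, PasswordHash FROM Users WHERE UserName = @userName";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = userName;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                    return false;
                salt = (byte[])reader["Salt"];
                hash = (byte[])reader["PasswordHash"];
                return true;
            }
        }
    }

    // Typical login flow: fetch salt and hash by user name, then verify.
    public static bool Login(string connectionString, string userName, string password)
    {
        byte[] salt, hash;
        if (!TryLoadCredentials(connectionString, userName, out salt, out hash))
            return false;  // unknown user; respond the same way as a wrong password
        return VerifyPassword(password, salt, hash);
    }
}
```

The connection string passed to Login should itself come from the encrypted <connectionStrings> section rather than from source code, and the SQL login it names only needs SELECT on the Users table (or EXECUTE on a stored procedure that does this lookup), which is the least-privilege point in the list above.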
I found Microsoft's Developer Highway Code to be a useful security checklist.
Microsoft has a lot to say about this subject:
Check out the new Security Runtime Engine (beta came out on November 14):
http://blogs.msdn.com/cisg/archive/2008/10/24/a-sneak-peak-at-the-security-runtime-engine.aspx
http://blogs.msdn.com/cisg/archive/2008/11/13/an-update-on-some-upcoming-free-tools.aspx
This should replace the current Anti-XSS library.
Anthony :-) www.codersbarn.com
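Whichever encoding library is used, the practical point behind the XSS items in this thread is that input validation and output encoding are separate controls. The C# below is an added example (not code from any of the answers above, and not the Anti-XSS library or Security Runtime Engine they mention) using the System.Web encoders: an allow-list check for a field with a known shape, and context-specific encoding at the point of output. The user-name pattern and the sample input are constructed for the illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;

// Added example, not from the original answers. Pattern and sample input are constructed.
public static class SafeOutput
{
    // Allow-list validation for a field whose legal shape is known: accept only what
    // the application needs, instead of trying to enumerate what to reject.
    private static readonly Regex UserNamePattern = new Regex("^[A-Za-z0-9_.-]{1,64}$");

    public static bool IsValidUserName(string candidate)
    {
        return candidate != null && UserNamePattern.IsMatch(candidate);
    }

    // Free-text fields cannot be allow-listed that tightly, so they are encoded on output.
    // The right encoder depends on where the value lands in the page.

    // Between tags: &, <, > and " become entities, so markup in the value renders as text.
    public static string ForHtmlBody(string untrusted)
    {
        return HttpUtility.HtmlEncode(untrusted);
    }

    // Inside a quoted attribute value: quotes are encoded so the value cannot close the attribute.
    public static string ForHtmlAttribute(string untrusted)
    {
        return HttpUtility.HtmlAttributeEncode(untrusted);
    }

    // Inside a query string: percent-encoded so the value cannot add or alter parameters.
    public static string ForUrlParameter(string untrusted)
    {
        return HttpUtility.UrlEncode(untrusted);
    }

    public static void Main()
    {
        // Constructed sample input containing the characters each context cares about.
        string displayName = "Tom & Jerry <3 \"quotes\"";

        Console.WriteLine("valid user name? " + IsValidUserName("tom.jerry_01"));   // True
        Console.WriteLine("valid user name? " + IsValidUserName(displayName));      // False

        Console.WriteLine("<p>" + ForHtmlBody(displayName) + "</p>");
        Console.WriteLine("<input value=\"" + ForHtmlAttribute(displayName) + "\">");
        Console.WriteLine("/profile?name=" + ForUrlParameter(displayName));
    }
}
```

Encoding belongs at the output boundary, not at input time: a value stored already HTML-encoded is wrong for a URL or a JSON response, and double-encoding it later corrupts the display.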