Difference between revisions of "CRV2 FrameworkSpecIssuesASPNet"

From OWASP
Line 1: Line 1:
 
= ASP.NET Security =
 
= ASP.NET Security =
  
 +
== Sanitize Input ==
 +
Anything coming from external sources can be consider as input in a web application. Not only the user inserting data through a web form, but also dsata retrieved from a web service or database, headers sent from the browsers.
 +
 +
A way of defining when input is safe can be done through defining a trust boundary
 
== Data Encryption ==
 
== Data Encryption ==
 
== Authentication and Authorization==
 
== Authentication and Authorization==
== Secure Channels ==
+
 
 
== creating a Semi- Trusted Application ==
 
== creating a Semi- Trusted Application ==
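
Review bot: The paragraph added under "== Sanitize Input ==" has two typos ("can be consider" should be "can be considered", "dsata" should be "data"), and its second sentence ("Not only the user inserting data ...") has no main verb; joining it to the first sentence with a colon would fix that. The added trust boundary line ends without a period and introduces the term without defining it or saying which of the listed sources (web form, web service, database, browser headers) sit outside the boundary, so one more sentence stating that would make the section usable. The heading promises sanitization, but the added text only describes what counts as input.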

Revision as of 20:27, 13 July 2013

ASP.NET Security

Sanitize Input

Anything coming from external sources can be considered input in a web application: not only data a user enters through a web form, but also data retrieved from a web service or database and headers sent by the browser.

One way to define when input is safe is to define a trust boundary.

Data Encryption

Authentication and Authorization

Creating a Semi-Trusted Application