Over the past several years, I've been regularly presenting on security in .NET at conferences and user groups. One of the joys of these presentations is that you know when you've taught someone something new. At some point during the presentation, you can see one or two members of the audience starting to look very worried. Security is a difficult topic to discuss. Often, developers know they must take security into account during their development life cycle, but do not know what they must look for, and can be too timid to ask about the potential threats and attacks that their applications could be subjected to.
This book provides a practical introduction to developing securely for ASP.NET. Rather than approaching security from a theoretical direction, this book shows you examples of how everyday code can be attacked, and then takes you through the steps you must follow to fix the problems.
This book is different from most others in the Wrox Beginning series. You will not be building an application, but rather, each chapter is based upon a task a Web site may need to perform — accepting input, accessing databases, keeping secrets, and so on. This approach means that most chapters can be read in isolation as you encounter the need to support these tasks during your application development. Instead of exercises, many chapters will end with a checklist for the particular task covered in the chapter discussions, which you can use during your development as a reminder, and ...