
Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB by Stefan Schackow, Bilal Haidar


18.1. Web Application Security Threats Overview

The focus throughout the previous chapters was how to best use and implement the different security features provided by ASP.NET 3.5, with its core based on .NET 2.0, and Internet Information Services 7.0. The major topics were as follows:

  • How ASP.NET can take control of a request from its earliest entry into the new integrated mode of IIS 7.0

  • How to best use the Code Access Security modes to grant or deny permissions to an executing application

  • How to protect sensitive sections of a web.config configuration file, and how to use the Forms and Windows Authentication modules to authenticate users accessing your application

  • How to use the URL authorization modules in ASP.NET and IIS to authorize users and make sure they can access the resources they have permissions on

  • Many other important security features to implement and follow to build a more secure web application

The discussion so far has been about how to use the out-of-the-box security features in ASP.NET and IIS 7.0 to build a more secure and robust application. However, some security threats and attacks have no directly corresponding ASP.NET module that protects against them. It is the developer's role to protect against these many threats using ASP.NET 3.5 and the .NET 3.5 Framework.

For instance, one of the most important threats that an application might face is improper input validation. Developers who depend only on client-side input validation through the use of ASP.NET ...
