Security Recap and Helpful Resources
Table 7.1 recaps the threats and solutions to some common web security issues.
| Threat | Solutions |
| --- | --- |
| Complacency | Educate yourself. Assume your applications will be hacked. Remember that it's important to protect user data. |
| Cross-Site Request Forgery (CSRF) | Token Verification. Idempotent GETs. HttpReferrer Validation. |
| Over-Posting | Use the Bind attribute to explicitly whitelist or blacklist fields. |
ASP.NET MVC gives you the tools you need to keep your website secure, but it's up to you to apply them wisely. True security is an ongoing effort that requires that you monitor and adapt to an evolving threat. It's your responsibility, but you're not alone. Plenty of great resources are available both in the Microsoft web development sphere and in the Internet security world at large. Table 7.2 shows a list of resources to get you started.
| Resource | URL |
| --- | --- |
| Microsoft Security Developer Center | http://msdn.microsoft.com/en-us/security/default.aspx |
| Book: Beginning ASP.NET Security (Barry Dorrans) | http://www.wrox.com/WileyCDA/WroxTitle/Beginning-ASP-NET-Security.productCd-0470743654.html |
| Microsoft Code Analysis Tool .NET (CAT.NET) | http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en |