TechQA.

Defensive techniques for ASP.MVC for internet facing site

207 views Asked by At

I am working on my first asp MVC project that will ultimately end up on a publicly accessible web server (I have worked on some internal apps in MVC). What techniques, practices should I be thinking about (specific to MVC or otherwise) to improve security.

Off the top of my head obviously there is the AcceptVerb attribute for actions and Validation what else?

asp.net-mvc defensive-programming
Original Q&A
3

There are 3 answers

0
Haacked On BEST ANSWER

The Windows Live team has written a white-paper describing lessons learned using ASP.NET MVC on certain Windows Live properties. They do a lot of security analysis and present their security tips here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=7606f801-70c5-49ca-a18c-91d4ed725833&displaylang=en

1
brianng On
0
Darin Dimitrov On

A couple of points:

  • Encode every user input
  • Use anti forgery tokens
  • Use POST verbs for every request that modifies state

Related Questions in ASP.NET-MVC

Related Questions in DEFENSIVE-PROGRAMMING

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions