14

I am planning to start a new web site on ASP.NET MVC 2 (3).

Does anybody have a full (if possible) check list of actions or approaches I should go through to avoid most security issues?

one
garik

3 Answers

6

Based on this blog post, I'm using POSTs for all my JSON data. This underscores a few items in the Codevanced checklist pasted here.

makerofthings7
  • 1
    That blog post is a great illustration of JSON prototype hijacking. Thank you for the link. – D.W. Sep 05 '11 at 19:07
5

Barry Dorrans, author of Beginning ASP.NET Security, provides some good material on the subject. I read his book and he covers a lot of ASP.NET MVC-specific material.

If you are looking for a check list of application security controls, be sure to also check out the OWASP ASVS project.

atdre
  • Well, there's a chapter on it, but most of the book is core concepts which cover both webforms and MVC. Thanks for the recommendation :) – blowdart Nov 19 '10 at 22:47
5

Here's a video series on how to hack-proof your ASP.NET sites. It is two videos of about 50 min, where he also includes an introduction to the topic and examples. I haven't seen all of it yet, but I think it will cover some of your questions, or at least give you some inspiration.

http://vimeo.com/28284123

psalomonsen
  • 1
    Hi @psalomonsen, welcome to [security.se]! Can you please edit your answer to include a summary, instead of just linking? See the [FAQ], and [answer]. – AviD Sep 05 '11 at 13:17