ASP.NET MVC Security


Hi All,

Here is the list of articles which will help you guys to get tips on ASP.NET MVC Security:

Securing your ASP.NET MVC 4 App and the new AllowAnonymous Attribute By Rick Anderson
This blog post covers many important security considerations in ASP.NET MVC.

Securing your ASP.NET MVC 3 Application By Rick Anderson
In this blog post, Rick Anderson describes some security pitfalls for MVC applications and how to avoid them.

Deploy a Secure ASP.NET MVC 5 app with Membership, OAuth, and SQL Database to a Windows Azure Web Site By Rick Anderson
This tutorial shows how to create and deploy a secure ASP.NET MVC 4 app using OAuth, the membership database with SQL data.

XSRF/CSRF Prevention in ASP.NET MVC and Web Pages By Rick Anderson
Cross-site request forgery (also known as XSRF or CSRF) is an attack against web-hosted applications whereby a malicious web site can influence the interaction between a client browser and a web site trusted by that browser. These attacks are made possible because web browsers will send authentication tokens automatically with every request to a web site. The canonical example is an authentication cookie, such as ASP.NET’s Forms Authentication ticket. However, web sites which use any persistent authentication mechanism (such as Windows Authentication, Basic, and so forth) can be targeted by these attacks.

Preventing Open Redirection Attacks (C#) By Jon Galloway
This tutorial explains how you can prevent open redirection attacks in your ASP.NET MVC applications. This tutorial discusses the changes that have been made in the AccountController in ASP.NET MVC 3 and demonstrates how you can apply these changes in your existing ASP.NET MVC 1.0 and 2 applications.

Microsoft ASP.NET MVC Security with Haack and Hanselman
This video analyzes XSS, CSRT, and JSON hijacking.

Hope this helps !!!

Jay Ganesh

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s