Articles on How to secure an ASP.NET MVC app and security risks for .NET developers

1. Articles by Rick Anderson, Microsoft MVP, about security in ASP.NET MVC web applications.

How to secure an ASP.NET MVC app

Securing your ASP.NET MVC 4 App and the new AllowAnonymous Attribute

2. A series of articles by Troy Hunt, MS MVP, about the Open Web Application Security Project (OWASP) Top 10 security risks for .NET developers.

OWASP Top 10 for .NET developers

Topics include:

  1. Injection
  2. Cross-Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross-Site Request Forgery (CSRF)
  6. Security Misconfiguration
  7. Insecure Cryptographic Storage
  8. Failure to Restrict URL Access
  9. Insufficient Transport Layer Protection
  10. Unvalidated Redirects and Forwards

ASP.NET web application security review: Do’s & Don’ts

This article is a well-written overview of the potential security issues in ASP.NET web applications.

The content is .NET-centric, but it delivers quite decent technical content on web vulnerabilities and attacks – clickjacking attacks, vulnerable HTTP methods, disabled directory listing, encryption of the database connection string, and so on.

Hope this helps. 🙂