Hi everyone, I am in the process of developing a subscription-based website and use ASP.NET's membership as the control over authenticating and logging in users to the members area. However, having read a fair bit on the Internet I find myself worrying about other aspects of security. In particular I am looking for advice on:
(1) is ASP.NET membership secure enough
(2) what do I need to know about session IDs and protecting them - up until now I haven't even considered this and am only now concerned with it after reading articles on the Internet
(3) are there any other aspects of security I should be thinking about (e.g. should my entire site be SSL)
I am a self-taught developer and therefore have medium technical ability, so any dummy's guidance would be appreciated.
Thanks Steven
A good start to web security is Troy Hunt's free e-book OWASP Top 10 for .NET Developers. OWASP is the Open Web Application Security Project, a non-profit organization focused on improving security software. Every year they release a Top 10 list of the top security risks to applications. Troy walks you through how a hacker could use each one to compromise your ASP.NET application, then shows what you can do to fix it.
A slightly out of date but VERY detailed resource is Building Secure ASP.NET Applications on MSDN. Some items have changed, but the vast majority of the content is still fairly accurate.
After that, post more questions here.
Darrell Norton, MVP
Darrell Norton's Blog Please click "Mark as Answer" if this helped you.
Marked as answer by Stark8352 on Feb 03, 2013 06:00 PM
Stark8352
Member
38 Points
50 Posts
What should I know about security?
Feb 01, 2013 08:43 AM
DarrellNorto...
All-Star
86805 Points
9644 Posts
Moderator
MVP
Re: What should I know about security?
Feb 01, 2013 10:17 AM
Stark8352
Member
38 Points
50 Posts
Re: What should I know about security?
Feb 01, 2013 02:28 PM
Darrell,
Thanks for the quick response, I shall do a bit more reading as suggested.
Steven