I am looking for a set of guidelines or a checklist that you can go over for securing a public ASP.NET MVC Website. I just want to make sure that I am not making any of the obvious and well known issues when deploying a website.
Thanks.
I am looking for a set of guidelines or a checklist that you can go over for securing a public ASP.NET MVC Website. I just want to make sure that I am not making any of the obvious and well known issues when deploying a website.
Thanks.
<script type="text/javascript">alert("XSS attack!");</script>XSS here!
, same goes for stuff that's injected into JavaScript, make mistakes show up!)I kinda do the following;
Other than that...
The below are general ASP.NET measures
Don't use the default GET
on actions unless absolutely necessary. For example, if you have a DeleteUser
action that doesn't have a [AcceptVerbs(HttpVerbs.Post)]
on it, it can be called via
<img src="http://yoursite/admin/DeleteUser/1" />
Which will get called by whomever "views" the image.