12/19/12

the ASP.Net Security model


Secure code guidelines:

· Validate all user input

· Never use string concatenation to build a SQL query

· Never output data on a user page before validating it

· Never put sensitive data in hidden fields or view state

· Protect traffic with SSL, and keep cookie timeouts short
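As an added example that is not part of the original post, the second and third guidelines in C# for classic ASP.NET: the string-concatenated query beside its parameterized replacement, with input validated first and output HTML-encoded before it reaches the page. The Users table, its UserName and Email columns, the 32-character alphanumeric policy and the connection string are all assumptions for this example.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web;

// Added example, not code from the original post.
// Assumed schema: Users(UserName NVARCHAR(32), Email NVARCHAR(256)).
public static class SecureLookup
{
    // VULNERABLE: the user-supplied value is pasted into the SQL text,
    // so it can change the structure of the query (SQL injection).
    public static string BuildUnsafeQuery(string userName)
    {
        return "SELECT Email FROM Users WHERE UserName = '" + userName + "'";
    }

    // SAFE: validate the input, then pass it as a typed parameter so the
    // database receives the value separately from the SQL text.
    public static string LookupEmail(string connectionString, string userName)
    {
        // Whitelist validation (assumed policy): short alphanumeric names only.
        if (string.IsNullOrEmpty(userName) || userName.Length > 32 ||
            !Regex.IsMatch(userName, "^[A-Za-z0-9_]+$"))
        {
            throw new ArgumentException("Invalid user name.");
        }

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT Email FROM Users WHERE UserName = @userName", conn))
        {
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 32).Value = userName;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null ? null : (string)result;
        }
    }

    // Encode before writing to the page so stored data cannot run as script.
    public static string RenderEmail(string email)
    {
        return HttpUtility.HtmlEncode(email ?? string.Empty);
    }
}
```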

Authentication: authenticating the user means establishing who is here.

Authorization: once we know who the user is, the question becomes which processes and which resources that user may use.

Confidentiality: while a user is working with the application, we must make sure their resources are not exposed to other users; this requires encryption.

Integrity: finally, after the interaction with the application, we must make sure the application's resources have not been changed.
