There is no glamour in building secure ASP.NET web
applications. The vast majority of developers I’ve met would much rather focus
on building new and flashy features that can impress their managers and
end-users. Even though security can usually take a backseat during the initial
stages of development, it usually comes back to bite you when it’s least
expected. This article covers some of the security aspects to be aware of when
developing a new web application and what to do throughout the development
process to protect applications and databases against common attacks.

Overview

Building web applications with ASP.NET has been getting
easier as the technology and the development environment, Visual Studio, become
more sophisticated. Many of the complexities are taken care of by the framework
and are out of view from developers. This allows us to focus more on the
business value and features of our web applications and less on technical
aspects that very few really understand or appreciate. As a result, many
developers believe that security is also taken care of for them and that they
need not worry about it.

Unfortunately, the reality is quite different. Unless
developers make security one of their priorities early on in the development
cycle, project managers might end up with a great application but one that
cannot go live without compromising the safety of their end-users and their
data.