There is a wide array of attacks that ASP.NET web applications need to protect against, but most security holes come from flaws in four areas: authentication, authorization, input validation, and configuration. For each area, the underlying mistake, the typical flaws, and the attacks those flaws enable are:
1. Authentication. Making it easy for attackers to reveal users' credentials or, worse, to circumvent the application's authentication altogether.
Typical flaws: no password policy (strength requirements, expiry dates, etc.), passing internal messages back to the browser (for instance, telling the user which of the user name or password was wrong), building the login query with dynamic SQL (SQL injection), storing users' credentials in cookies or other insecure places, and sending user names and passwords in clear text.
Resulting attacks: network eavesdropping, brute-force and dictionary attacks, SQL injection on the login page, cookie replay attacks, and credential theft.
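The two login checks below show how the flaws in this row turn into the attacks in this row, and what the fixed version looks like. This is an added example, not code from the original article: the Users table and its columns (UserName, PasswordHash, Salt), the "AppDb" connection-string name and the control names on the login page are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example. Table/column names, the "AppDb" connection string and the
// page controls are assumptions, not taken from the article.
public static class LoginService
{
    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;

    // VULNERABLE: the SQL text is concatenated from the form fields, so a user
    // name of   ' OR 1=1 --   turns the WHERE clause into a tautology and logs
    // the attacker in with no password at all. Passwords are also stored and
    // compared in clear text, so a dump of the table is a dump of credentials.
    public static bool ValidateUserVulnerable(string userName, string password)
    {
        string sql = "SELECT COUNT(*) FROM Users WHERE UserName = '" + userName
                   + "' AND Password = '" + password + "'";
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // HARDENED: a parameterized query (input can never change the SQL text),
    // the password is verified against a salted PBKDF2 hash, and the hash
    // comparison runs in constant time.
    public static bool ValidateUser(string userName, string password)
    {
        const string sql =
            "SELECT PasswordHash, Salt FROM Users WHERE UserName = @UserName";
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 256).Value = userName;
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                // Unknown user and wrong password return the same value, so the
                // login page cannot be used to enumerate user names.
                if (!r.Read()) return false;
                byte[] stored = (byte[])r["PasswordHash"];
                byte[] salt = (byte[])r["Salt"];
                return FixedTimeEquals(HashPassword(password, salt), stored);
            }
        }
    }

    // PBKDF2 with a random per-user salt. Call NewSalt() and this when the
    // password is set, and store only the hash and the salt, never the password.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
            return kdf.GetBytes(32);
    }

    public static byte[] NewSalt()
    {
        var salt = new byte[16];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
        return salt;
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

// Login.aspx code-behind: on success hand the user a forms-authentication
// ticket instead of writing the user name or password into a cookie by hand;
// on failure show one generic message and never the SqlException text.
public partial class Login : Page
{
    protected TextBox txtUser, txtPassword;   // assumed controls in Login.aspx
    protected Label lblError;

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        if (LoginService.ValidateUser(txtUser.Text, txtPassword.Text))
            FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false);
        else
            lblError.Text = "Invalid user name or password.";
    }
}
```

The forms-authentication ticket only closes the cookie replay and eavesdropping attacks if web.config also sets requireSSL="true" on the forms element and httpOnlyCookies="true" on httpCookies, so the ticket is never sent over plain HTTP and cannot be read by script. Brute-force and dictionary attacks are not addressed by this code; they need an account-lockout or rate-limiting policy in front of ValidateUser.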
2. Authorization. Allowing logged-in users to perform actions without verifying that they are authorized to, i.e. vertical and horizontal privilege escalation.
Typical flaws: inconsistent authorization checks (not every request and every page is checked), lack of data validation, and trusting data submitted by users (e.g. cookies, hidden fields, URL parameters) to decide what they may do.
Resulting attacks: privilege escalation (horizontal: acting on another user's data; vertical: acting as a more privileged role), disclosure of confidential data, and data tampering.
3. Input validation. Trusting data submitted by the user and acting upon it.
Typical flaws: lack of consistent, strict data validation throughout the web application, and failing to encode data sent to the browser.
Resulting attacks: cross-site scripting (XSS), SQL injection, data tampering (query string, form fields, cookies, and HTTP headers), embedded malicious characters and HTTP
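The authorization and input-validation rows describe the same mistake from two sides: a value the client controls (here a query-string id) is used to pick a record, without checking that the caller may see it and without validating or encoding it. The page code-behind below, an added example rather than code from the original article, closes all three gaps on one request. The Orders table and its columns, the "AppDb" connection string, the "Administrator" role name and the litNotes control are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example. OrderDetails.aspx?id=123 shows the notes of one order.
// Table/column names, the role name and the control are assumptions.
public partial class OrderDetails : Page
{
    protected Literal litNotes;   // assumed to be declared in OrderDetails.aspx

    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;

    protected void Page_Load(object sender, EventArgs e)
    {
        // What the vulnerable version of this page does, for contrast:
        //   string sql = "SELECT Notes FROM Orders WHERE OrderId = " + Request["id"];
        //   litNotes.Text = notes;
        // Any logged-in user reads any order by changing ?id= (horizontal
        // privilege escalation), a crafted id is SQL injection, and notes
        // containing <script> run in every viewer's browser (XSS).

        // 1. Authentication: anonymous callers go to the login page.
        if (!User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }

        // 2. Validation: the id must be a positive integer and nothing else.
        //    HttpException lets customErrors render the generic error page.
        int orderId;
        if (!int.TryParse(Request.QueryString["id"], out orderId) || orderId <= 0)
            throw new HttpException(400, "Bad request");

        // 3. Authorization, on the server, on this request: only the owner
        //    (horizontal check) or an administrator (vertical check) may see
        //    the order. The decision is bound to the identity in the auth
        //    ticket, never to a hidden field or cookie value the client sets.
        bool isAdmin = User.IsInRole("Administrator");
        string notes = LoadNotes(orderId, User.Identity.Name, isAdmin);
        if (notes == null)
        {
            // Same response whether the order does not exist or belongs to
            // someone else, so the page does not confirm which ids are valid.
            throw new HttpException(404, "Not found");
        }

        // 4. Encoding on output: data read back from the database is still
        //    user-supplied data.
        litNotes.Text = HttpUtility.HtmlEncode(notes);
    }

    private static string LoadNotes(int orderId, string userName, bool isAdmin)
    {
        const string sql =
            "SELECT Notes FROM Orders " +
            "WHERE OrderId = @Id AND (@IsAdmin = 1 OR OwnerUserName = @Owner)";
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@Id", SqlDbType.Int).Value = orderId;
            cmd.Parameters.Add("@IsAdmin", SqlDbType.Bit).Value = isAdmin;
            cmd.Parameters.Add("@Owner", SqlDbType.NVarChar, 256).Value = userName;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? null : (string)result;
        }
    }
}
```

The ownership condition lives in the query rather than in a C# comparison after the fact so that the record never leaves the database for a caller who is not allowed to see it, and the same pattern (validate, then authorize on the ticket identity, then encode) has to be applied on every page and every postback, not only on the pages that look sensitive.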
4. Configuration. Using the default configuration on the application and on the hosting server.
Typical flaws: granting the application more permissions than it actually needs, failing to properly secure resources (operating system, database, etc.), and passing internal application information back to the browser (internal messages, exceptions and
Resulting attacks: unauthorized access to administrator functionality, unauthorized access to configuration information, retrieval of clear-text configuration information, and unauthorized access to data stores.
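The configuration row is best shown as a web.config. The fragment below is an added example, not a file from the original article: it lists the weak settings a default or development configuration tends to carry, followed by the hardened values that close each of the attacks above. The "AppDb" connection string, the app_user login, the Admin folder, the Error.aspx page and the "Administrator" role are assumptions.

```xml
<configuration>
  <connectionStrings>
    <!-- Least privilege: connect as a SQL login that has only the rights the
         application needs (not sa or db_owner). Then encrypt this section on
         the server so the credentials are not readable in clear text:
             aspnet_regiis -pe "connectionStrings" -app "/MyApp"        -->
    <add name="AppDb"
         connectionString="Server=.;Database=AppDb;User Id=app_user;Password=...;" />
  </connectionStrings>

  <system.web>
    <!-- Weak settings that these replace:
             <compilation debug="true" />
             <customErrors mode="Off" />
             <forms loginUrl="Login.aspx" />
         With them, unhandled exceptions reach the browser with stack traces,
         file paths and SQL text, and the forms-authentication ticket can be
         sent over plain HTTP and read by script. -->
    <compilation debug="false" />
    <customErrors mode="On" defaultRedirect="~/Error.aspx" />
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="true"
             timeout="20" slidingExpiration="false" />
    </authentication>
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
    <!-- Site-wide default: anonymous users are denied everywhere. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Administrator pages: allow the role, deny everyone else. Without this
       (or an equivalent check in every page) the Admin folder is reachable by
       any user who knows the URL. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Two checks are worth running after deploying such a file: request a page with a deliberately bad parameter and confirm that only the generic error page comes back, and request a page under the Admin folder as an ordinary user and confirm the redirect to the login page rather than the content.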