Ideas for Improving ASP and ASP.NET Web Application Security - Part 2
page 1 of 11
Published: 16 Jun 2006
Unedited - Community Contributed
Abstract
In the second part of this series Brett provides more ideas for improving the security of ASP and ASP.NET web applications.
by Brett Burridge
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 32734/ 102

Use emails to report web application errors

Building an error reporting facility into your web applications can be beneficial when improving site security.  It also has the added benefit of being able to notify the web developer as soon as bugs arise, enabling problems to be fixed and the web application made more robust.  If the error reporting makes use of e-mail to send the errors, then the application will benefit from a near real time reporting system of errors and suspicious website activity.

An error reporting e-mailing function for classic ASP was described in this ASPAlliance article: http://aspalliance.com/brettb/ErrorReportEmailer.asp.  Error handling in ASP.NET is much improved.  There is an Application_Error subroutine in the Global.asax that is called whenever an error is encountered within an ASP.NET page within the web application.  There is also a Page_Error even that is called should there be an error on an individual page.  ASP.NET also offers improved tracing of errors, such as the ability to view the line number that raised the error (an application must be compiled in Debug mode in order for line numbers to be present in error reports).

Once the error reporting e-mail function has been incorporated into the website, the e-mails can then be monitored in order to detect security issues.  Depending on the way the application was coded, failed login attempts, attempted SQL injection attacks or other suspicious activity will often cause error reports to be generated.

Note that if the web application has a high level of traffic, it is advisable to build in a limit to the number of e-mail error reports that are sent in a specified time period.  A variable within the ASP Application object can be used to keep a count of the number of e-mails sent in a specific time period.


View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2014 ASPAlliance.com  |  Page Processed at 10/21/2014 5:28:37 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search