A. Mackey said
Beginning ASP.NET Security begins by introducing the reader to security principles such as defence in depth, never trusting user input, etc. The author then ensures the reader understands how the web and ASP.NET function by providing an overview of HTTP and ASP.NET's processing of events, form submissions and ViewState, all essential concepts for understanding the security issues surrounding ASP.NET applications.
The book is divided into 16 easy-to-read chapters. Chapters contain small snippets of code and demonstrate various security issues, ensuring the reader understands the problem being discussed. Detailed advice is then given and solutions provided to fix the various issues.
Issues are supplemented with real-world examples and the author's own experience (I chuckled at the index server example), which help provide some colour to what can be a difficult topic to keep interesting.
The book covers all the major web-based security issues such as XSS, XSRF and SQL injection, and also related topics such as securing IIS and issues surrounding the file system. Important concepts such as encryption, hashing and certificates are also covered in depth. The final chapters cover advanced topics such as CAS, securing IIS and third-party authentication solutions.
So what could be better? Very little: the book is clear, easy to read and contains concise examples. I would perhaps have liked to see an example of implementing a custom membership provider and a bit more on client-side scripting/Ajax-related issues, but the book does a great job of covering the major areas and pointing the reader towards further resources.
I liked that the book provides recipes for dealing with complex problems such as implementing certificate-based authentication and implementing OpenID. Several useful tools I wasn't aware of are also referenced.
Before I began reading Barry's book, although no security expert, I considered that I had a pretty good knowledge of security, and was glad to see that for the most part the book confirmed my understanding! It always surprises me how many web developers have so little knowledge of basic security concepts and best practice. There is no excuse now, and if you have never looked into security this book should be required reading! However, don't think that this book has nothing to offer the intermediate/advanced developer, as it had many gems for me (correct implementation of salting passwords, certificates, ViewStateUserKey, WCF security).
This book is a great introduction to security and related concepts and will serve as a useful reference/cook book to more experienced developers.
Beginning ASP.NET Security
- Authors: Barry Dorrans
- ISBN: 0470743654
- Published: 22 Mar 2010
- Purchase online: amazon.com
A practical guide to securing ASP.NET sites
Beginning ASP.NET Security is for novice to intermediate ASP.NET programmers and provides a step-by-step solution to securing each area of ASP.NET development. Rather than approaching security from a theoretical direction, MVP Barry Dorrans shows you examples of how everyday code can be attacked, and describes the steps necessary for defense. Inside, you'll learn how you can defend your ASP.NET applications using the