Saturday 21 September 2013

Ensuring Your ASP.NET Website Is Secure

[18/06/15] This blog post has been moved to here.

2 comments:

  1. One thing might be worth considering is using MVC Attributes for the extra headers, that way you can unit test the code.

    Might want to mention that the AntiXss library is the preferred way of handling input these days.

    Perhaps Salts in AntiForgeryTokens for a big of extra goodness :)

    ReplyDelete
  2. Through slight refactoring (i.e. access methods) and using HttpResponseBase, you can unit test the headers being added anyway.

    ReplyDelete