[英]How do I assess whether my ASP.NET web application is easy to break into?
I have to develop an ASP.NET web application and publish it in Windows Azure so that it runs there under IIS7.我必须开发一个 ASP.NET web 应用程序并将其发布在 Windows Z3A580F1422036767353 下运行它。 I don't have any serious experience developing such applications.
我没有任何开发此类应用程序的严肃经验。 I constantly hear that "site X was broken into because it was doing Y in a very stupid way".
我经常听到“站点 X 被入侵是因为它以非常愚蠢的方式做 Y”。 I'm kind of paranoid that I might also be doing Y (and also Z) in a very stupid way and have my application hacked in no time.
我有点偏执,我可能也会以一种非常愚蠢的方式做 Y(还有 Z)并且我的应用程序很快就被黑了。
Is there a good guideline of making well protected ASP.NET web sites?是否有一个很好的指南来制作保护良好的 ASP.NET web 站点?
Take a look at the OWASP site and set of guidelines.看看OWASP网站和一套指南。 They are rather extensive.
它们相当广泛。
They have several tools that will detect some types of vulnerabilites.他们有几种工具可以检测某些类型的漏洞。
You may want to start from the recommended Microsoft Asp.net security practices and browse the various subsections from here.您可能希望从推荐的 Microsoft Asp.net 安全实践开始,并从此处浏览各个小节。 I think it's Asp.net 2.0 related but most of the guidelines still apply (what version will you be working on?).
我认为它与 Asp.net 2.0 相关,但大多数指南仍然适用(您将使用哪个版本?)。
EDIT : here's the latest version for .net 4.0编辑:这是 .net 4.0 的最新版本
Take a look at the OWASP Top 10 for .NET Developers series.查看.NET 开发人员系列的 OWASP Top 10 。 This will give you a step-by-step guide on how to protect against specific vulnerabilities for apps using the ASP.NET framework.
这将为您提供有关如何使用 ASP.NET 框架保护应用程序免受特定漏洞的分步指南。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.