Ensure that you have appropriate
authentication and authorization mechanisms in place so that if the attacker does discover
your service definition, they will not be able to compromise your application.
SUMMARY
The .Net Framework and ASP.Net help improve application security by mitigating a
number of traditional attacks against applications, but they can also provide developers
with a false sense of security. Attackers reviewing a .Net application will be sure to search
for places where framework APIs and infrastructure have been misused or secure defaults changed.
Additionally, they will remember that regardless of the framework, application logic
errors will always be an issue. They will take the time to think about how the application
is working internally, get to know the framework, and then attack .Net applications.
To help you protect .Net applications, Microsoft has published several resources
describing security features within .Net and how to configure ASP.Net web application
servers properly. Make sure to use these resources to properly secure your .Net
environments.
CASE STUDY: CROSS-DOMAIN ATTACKS
As Web 2.0 gets bigger and bigger, the interaction between web applications becomes
stronger and stronger.