This series of blog posts covers all the topics of this certification exam. In this post, let's check out the last topic, “Implement a secure site with ASP.NET”, of the fifth main section of the exam, “Design and implement security”. Below are the tasks measured in this topic.
Implement a secure site with ASP.NET: Secure communication by applying SSL certificates; salt and hash passwords for storage; use HTML encoding to prevent cross-site scripting attacks (ANTI-XSS Library); implement deferred validation and handle unvalidated requests, for example, form, querystring, and URL; prevent SQL injection attacks by parameterizing queries; prevent cross-site request forgeries (XSRF).
- Securing Your ASP.NET Applications
- AntiXSS Library
- Support for unvalidated requests
- Prevent Cross-Site Request Forgery (CSRF) using ASP.NET MVC’s AntiForgeryToken() helper
- SHA512Managed Class
- Tip: Replacing Html.Encode Calls With New Html Encoding Syntax
- Anti-Cross Site Scripting Library
- XSRF/CSRF Prevention in ASP.NET MVC and Web Pages
- Preventing CSRF and XSRF Attacks
Visit the above links to learn about the topic “Implement a secure site with ASP.NET”.