Ray's Asp.net Blog
Answers and code snippets from ASP.NET projects (Webforms/MVC/Classic ASP)
Saturday, March 12, 2011
Website security basic check list
It's a lot to digest, but the OWASP development guide covers Web Site security from top to bottom.
and how to prevent it.
Never trust user input (cookies are user input too!).
Use a slow hashing algorithm, such as bcrypt (time tested) or scrypt (even stronger, but newer), for storing passwords (see: How To Safely Store A Password).
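As an added example (not from the original post, and in Python rather than ASP.NET), here is what "slow hashing for stored passwords" looks like in practice: a per-user random salt, scrypt from the standard library, a self-describing stored string so the work factor can be raised later, and a constant-time comparison on verify. The work factors and the storage format are assumptions chosen for this example.

```python
import base64
import hashlib
import hmac
import os

# Assumed work factors for this example; raise them as hardware gets faster.
# Memory used is about 128 * r * N bytes (16 MiB here), within hashlib's default limit.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
KEY_LEN = 32


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    """Run scrypt over the password with the given salt and work factors."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=KEY_LEN)


def hash_password(password: str) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt_b64$hash_b64.

    A fresh random salt per user means two users with the same password
    get different records, and precomputed tables are useless.
    """
    salt = os.urandom(SALT_BYTES)
    digest = _derive(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    fields = ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
              base64.b64encode(salt).decode("ascii"),
              base64.b64encode(digest).decode("ascii")]
    return "$".join(fields)


def _parse(stored: str):
    """Split a stored record into (n, r, p, salt, digest); None if malformed."""
    try:
        algo, n, r, p, salt_b64, hash_b64 = stored.split("$")
        if algo != "scrypt":
            return None
        return int(n), int(r), int(p), base64.b64decode(salt_b64), base64.b64decode(hash_b64)
    except (ValueError, TypeError):
        return None


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters stored alongside the hash; compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    n, r, p, salt, expected = parsed
    return hmac.compare_digest(_derive(password, salt, n, r, p), expected)


def needs_rehash(stored: str) -> bool:
    """True if the record was made with weaker work factors than the current ones (rehash on next login)."""
    parsed = _parse(stored)
    return parsed is None or (parsed[0], parsed[1], parsed[2]) < (SCRYPT_N, SCRYPT_R, SCRYPT_P)
```

On a successful login, check `needs_rehash` and re-store the password with the current work factors, which is how a deployment migrates to stronger parameters without forcing resets.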
Don't try to come up with your own fancy authentication system: it's such an easy thing to get wrong in subtle and untestable ways and you wouldn't even know it until
rules for processing credit cards
See this question as well
for login and any pages where sensitive data is entered (like credit card info).
How to resist session hijacking.
cross site scripting
cross site request forgeries
Keep your system(s) up to date with the latest patches.
Make sure your database connection information is secured.
Keep yourself informed about the latest attack techniques and vulnerabilities affecting your platform.
The Google Browser Security Handbook
The Web Application Hacker's Handbook