0

How can I make my ASP.NET MVC 3 application 100% secure? I am using a SQL Server 2008 DB as a backend. I am also planning to use WCF to post data back to the DB.

So my ideas so far are: use WCF request throttling and use the anti-forgery token. The DB has sensitive information, so I don't want it to get compromised or accessed. What can I do to make sure this is safe? Am I missing some other issues?

user603007

1 Answer

0
  • Don't use dynamic SQL
  • Use an ORM
  • Don't create your own authentication and authorization mechanism unless absolutely necessary. Try to use Forms Authentication if you can.
  • Apply a global authorization filter to facilitate making sure your pages are locked down: http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx
  • Keep cookie use to a minimum (you can use session most of the time, really!) as they can increase the surface of exploitable entry points into your application
  • Don't do stuff with your code that can get hacked easily; I have posted about some extremely simple exploits in the past
  • Read and understand the OWASP top 10 security exploits
John Culviner
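
A deny-by-default global authorization filter for MVC 3, combined with the anti-forgery token mentioned in the question. This is an added example, not code from the answer or from the linked blog post. The names `AllowAnonymousAttribute`, `GlobalAuthorizeAttribute`, `FilterConfig`, `AccountController` and `ChangeEmail` are hypothetical; MVC 3 ships no opt-out attribute of its own, so one is defined here.

```csharp
using System;
using System.Web.Mvc;

// Marker for the few actions that must stay public (login page, etc.).
// Hypothetical type: MVC 3 has no built-in equivalent.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class AllowAnonymousAttribute : Attribute { }

// Deny by default: run the stock AuthorizeAttribute check on every action
// unless the action or its controller carries [AllowAnonymous].
public sealed class GlobalAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        bool optedOut =
            filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
            filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);

        // Unauthenticated requests get an HttpUnauthorizedResult, which
        // Forms Authentication turns into a redirect to the login page.
        if (!optedOut)
            base.OnAuthorization(filterContext);
    }
}

public static class FilterConfig
{
    // Call from Application_Start: FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new GlobalAuthorizeAttribute());
    }
}

public class AccountController : Controller
{
    [AllowAnonymous]
    public ActionResult LogOn() { return View(); }

    // Authenticated by the global filter. The form that posts here must
    // emit the token with @Html.AntiForgeryToken() or the request is rejected.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult ChangeEmail(string email)
    {
        // Persist through the ORM or a parameterized command, never concatenated SQL.
        return RedirectToAction("Index", "Home");
    }
}
```

With the filter registered globally, a newly added controller is locked down unless someone explicitly opts it out, which makes a forgotten `[Authorize]` a non-issue.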