UDC 004.492

Common Web Application Attack Types and Security Using ASP.NET

Bojan Jovičić1 and Dejan Simić1

  1. Faculty of Organizational Sciences
    POB 52,
    bojan.jovicic@gmail.com, dsimic@fon.bg.ac.yu

Abstract

Web applications security is one of the most daunting tasks today, because of security shift from lower levels of ISO OSI model to application level, and because of current situation in IT environment. ASP.NET offers powerful mechanisms to render these attacks futile, but it requires some knowledge of implementing Web application security. This paper focuses on attacks against Web applications, either to gain direct benefit by collecting private information or to disable target sites. It describes the two most common Web application attacks: SQL Injection and Cross Site Scripting, and is based on author’s perennial experience in Web application security. It explains how to use ASP.NET to provide Web applications security. There are some principles of strong Web application security which make up the part of defense mechanisms presented: executing with least privileged account, securing sensitive data (connection string) and proper exception handling (where the new approach is presented using ASP.NET mechanisms for centralized exception logging and presentation). These principles help raise the bar that attacker has to cross and consequently contribute to better security.

Publication information

Volume 3, Issue 2 (December 2006)
Year of Publication: 2006
ISSN: 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

DownloadAvailable in PDF
Portable Document Format

How to cite

Jovičić, B., Simić, D.: Common Web Application Attack Types and Security Using ASP.NET. Computer Science and Information Systems, Vol. 3, No. 2, 83-96. (2006)