The book is divided into sections including:
- Accepting user input, including validation, canonicalization and cross-site scripting (XSS)
- Using databases securely including SQL injection attacks and how to securely access your database.
- Keeping secrets including encryption, hashing and how not to leak information
- Authenticating and authorizing including the ASP.NET membership providers, securing sessions and cookie theft.
- Securing the web server, including how ASP.NET uses trust levels and how IIS can be secured
- Securing web services including WCF and ASMX web services
- Securing the Microsoft ASP.NET Ajax framework
- Thinking securely including an introduction to threat modeling.
Beginning ASP.NET 3.5 Security provides a step-by-step solution to securing each area of ASP.NET development. It takes a practical approach, with references to examples of web sites that have suffered the exploits and additional material that will inspire readers to investigate and learn more. Readers can check their learning through exercise questions.
Keywords: ASP.NET framework, web security, programmer's guide to web security, programming books, web application security, securing web sites, securing online databases, developing secure web sites, designing secure applications with ASP.NET