Twenty Don'ts for ASP Developers
irewalls block hackers from directly connecting to your network shares. Windows administrators keep their systems up-to-date with the latest software patches to thwart worms such as Nimda and Code Red. And user passwords are stronger than ever. But are we secure yet? While the situation is much better than it was just a couple years ago, many companies are still quite vulnerable to a number of attacks. Blocking ports and installing patches has not stopped hackers, it has just forced them to find new ways to break in. And chances are, the first place they are going to look is your Web application.
The problem is that while you may have a team of experts to secure your network, you are still dependent on your developers to secure your Web application. Are they properly trained to take on the most sophisticated hackers in the world? Are they at least good enough to defend themselves from a script kiddie who just read a tutorial on SQL injection? Many companies are now realizing that their code is not as secure as it should be.
This article will offer twenty tips for ASP programmers. These are not tips on how to secure a Web application, they are twenty things that ASP developers should avoid doing in order to develop secure Web applications. Unfortunately they address twenty common mistakes that we see over and over again on Web applications.
[ Read more ]