Secure .NET Development

In this day and age there is no excuse for writing insecure code. It seems every week we hear about some security breach at a major company or website.

I was part of the Target breach and I had to get a new credit card. No one tried to buy anything with my card. The bank was just taking a preemptive measure. It is a major pain to have to change the credit card number with all the businesses I do business with. Think about how much money that cost Target, the banks, and all the customers who had to do that.

As software developers we can do better. As software developers we must do better.

This series of posts is designed to teach how to write more secure .NET code. It is not intended to be the be-all and end-all of secure .NET development. My hope is that this series will give you the tools needed to write more secure code and get you thinking about different ways to make your .NET applications more secure. When I attended a security training session recently, I came away with 23 changes I wanted to make to the application I am responsible for at work. My hope is that these posts help you in a similar fashion.

  1. Introduction to writing secure code and the concept of defense in depth
  2. Introduction to XSS and how to help counteract it with the Content-Security-Policy header
  3. Session Hijacking Introduction and Prevention
  4. Use ActionFilters to lock down ASP.NET WebAPI
  5. Use ExceptionFilters to hide error messages