Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will review secure data transmission in the ASP.NET MVC framework.
Secure data transmission is a critical step towards securing our customer information over the web. In fact, many of our SoftServe applications are regulated by HIPAA, which has the following secure data transmission requirements:
- Client-server communication should be performed via a secured channel (TLS/HTTPS)
- Client (front-end application) should not pass any PHI data in URL parameters when sending requests to the server
- All data transmission outside of the system should be performed via a secure protocol (HTTPS, Direct Protocol, etc.)
To satisfy these requirements, let's examine how to secure data transmission in an ASP.NET MVC application.
Enable HTTPS Debugging
One of my favorite
Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at creating an audit logging action filter in the ASP.NET MVC framework.
Audit logging is a critical step for adding security to your applications. Oftentimes, audit logs are used to trace an attacker's steps, provide evidence in legal proceedings, and detect and prevent attacks as they are occurring. If you're not convinced yet, many regulatory compliance laws, such as HIPAA, also require security-specific audit logs to be kept. With that said, let's take a look at some high-level things to consider as you build out your audit logging functionality.
Events to Log:
The first step is deciding which events require logging. While regulatory compliance laws, such as HIPAA and PCI, may specify exactly which actions should be logged, each application is different. Here are some general actions to
Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at the data validation features built into the ASP.NET MVC framework.
Data validation is one of the most important aspects of web app development. Investing effort into data validation makes your applications more robust and significantly reduces potential loss of data integrity.
Out of the box, the ASP.NET MVC framework provides full support of special components and mechanisms on both the client side and the server side.
Let's have a look at the Register page from the SecureWebApp
Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at the authentication and authorization security features built into the ASP.NET MVC framework.
Implementing authentication and authorization mechanisms in a web application with the powerful ASP.NET Identity system has become a trivial task. The ASP.NET system was originally created to satisfy membership requirements, covering Forms Authentication with a SQL Server database for user names, passwords and profile data. It now includes a more substantial range of web application data storage options.
One of the advantages of the ASP.NET system is its twofold usage: it may be either added to an existing project or configured during the creation of an application. ASP.NET Identity libraries are available
Eric Johnson is an instructor with the SANS Institute for DEV544: Secure Coding in .NET: Developing Defensible Applications, and an information security engineer at a financial institution, where he is responsible for secure code review assessments of Internet-facing web applications. Eric has spent nine years working in software development, with over five years focusing on ASP.NET web application security. His experience includes software development, secure code review, risk assessment, static source code analysis, and security research. Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University. He currently holds the CISSP and GSSP-.NET certifications and is located in Las Vegas, NV.
The .NET 4.0 & 4.5 frameworks introduced new syntax shortcuts to HTML encode dynamic ...