Without considering security assessment might lead to non compliance and may come under security threats. So, how to strengthen it? Given below are a few guidelines to help you mitigate the security risks while reducing the unauthorized activities within an application.
1. Do prevent jack attack.
Means, with the help of the click jack technique it is possible to hijack by any other website. It will cause the malicious website to load the actual website page in its HTML Iframe and put the actual website in the background with transparency set to false
2. Restrict Vulnerable HTTP method.
The “OPTIONS” HTTP method when enabled uses foot printing or profiling the application or server. Use UrlScan tool to help prevent running malicious code requests that come to IIS which could cause threats.
3. Always encrypt connection string in web.config file.
Recommended to keep a clear and plain connection string within a web.config file without which a lot of risk and consequences are involved.
4. Display A Custom Error Page
Enable custom error page in web.config file as it can help the users to understand the semantics of your code and flow.
5. Don’t forget to pass a secure cookie.
Set SECURE flag on all the cookies this way it is easier to prevent from being sent to the HTTP traffic. It will inform the users’ browser to send back this cookie over SSL-secure HTTPS connections thus assuring complete safety.
All these above mentioned good practices are to be incorporated during ASP.NET development. Have you ever faced security issues in your web application? Give a thought it as the earliest.