The evolution of information systems places more and more applications on web-based architectures. The concern with security on this type of systems has to evolve also. Any programmer familiar with Web development is a potential script kiddie. The task of corrupting, destroying or getting illicit access to data cannot be facilitated.
There is a series of guides on Microsoft Developer’s Network, on how to protect an ASP.NET application against injection attacks. The guides are pretty straightforward, giving a brief notion of the attacks and also the counter measures one can adopt to prevent them:
- How To: Protect From Injection Attacks in ASP.NET
- How To: Protect From SQL Injection in ASP.NET
- How To: Prevent Cross-Site Scripting in ASP.NET
- How To: Use Regular Expressions to Constrain Input in ASP.NET
Even if you have already deployed applications, it’s very well worth it to spend some time analyzing them and integrating the security enhancements explained. Better safe than sorry.