I have to develop an ASP.NET web application and publish it in Windows Azure so that it runs there under IIS7. I don't have any serious experience developing such applications. I constantly hear that "site X was broken in开发者_开发技巧to because it was doing Y in a very stupid way". I'm kind of paranoid that I might also be doing Y (and also Z) in a very stupid way and have my application hacked in no time.
Is there a good guideline of making well protected ASP.NET web sites?
Take a look at the OWASP site and set of guidelines. They are rather extensive.
They have several tools that will detect some types of vulnerabilites.
You may want to start from the recommended Microsoft Asp.net security practices and browse the various subsections from here. I think it's Asp.net 2.0 related but most of the guidelines still apply (what version will you be working on?).
EDIT: here's the latest version for .net 4.0
Take a look at the OWASP Top 10 for .NET Developers series. This will give you a step-by-step guide on how to protect against specific vulnerabilities for apps using the ASP.NET framework.
精彩评论