Explained – Canonicalization

Prescriptive Architecture

 

ASP.NET 2.0 Security Videos

J.D. Meier, Keith Brown, Prashant Bansode
Microsoft Corporation

November 2007

This video module shows you how to avoid input and data validation security issues related to path validation.

Objectives

• Use Access Control Lists (ACLs) and impersonation to control access to resources, instead of pathname comparisons
• Use MapPath to restrict physical file paths to the current virtual directory.

Video

The video is a small wmv file streaming / download:

• Explained – Canonicalization (Length: 8:43 - Size: 7:00 MB)

Recommended Guidance

• Design Guidelines for Secure Web Applications (See "Input Validation" section)
• Architecture and Design Review for Security (See "Input Validation" section)