This documentation is archived and is not being maintained.

Security Considerations for ASP.NET Web Applications

Visual Studio .NET 2003

Security is a vital aspect of your Web applications. The first step in creating a secure application is to understand what types of security issues arise in Web-based applications. You must also understand the basic strategies you use to protect the application and your system.

The topics listed below provide an introduction to security in Web applications. Because security is a broad subject, the "Related Sections" below provides links to places in the documentation where security is discussed in more detail.

In This Section

Introduction to Web Application Security
Provides an overview of security for Web applications, describing what types of issues you need to think about when creating applications in Visual Studio.
Web Application Security at Design Time in Visual Studio
Discusses the specific requirements for security that pertain to accessing resources you need during development. These requirements are distinct from those that apply to users of your application.
Web Application Security at Run Time
Discusses the security of your application when it is deployed and running.
Overview of Web Application Security Threats
Discusses the types of threats that your Web applications are subject to.
Basic Security Practices for Web Applications
Provides a list of the basic security recommendations that apply to all Web applications.
Scripting Exploits
Discusses ways that malicious users can send potentially damaging information to your application.
Protecting Against Script Exploits in a Web Application
Demonstrates how to use HTML encoding and HTML filtering to protect your application against malicious user input.
Displaying Safe Error Messages
Shows how to display error messages without giving away information that a malicious user might find helpful in attacking your system.
Access Permissions for Web Applications
Provides an overview of options for managing access to resources in a Web application.
Accessing SQL Server from a Web Application
Discusses design strategies for SQL Server access for your Web application.

Related Sections

Security Portal
Provides links to topics that provide an overview of security issues, including a bibliography.
Security Model
Discusses aspects of choosing a security model for a distributed application created using ASP.NET.
ASP.NET Web Application Security
Provides links to topics that describe how security works in the ASP.NET Framework.