I am getting some great feedback in my last two security related posts from people who have been thinking about, working with and dealing with asp.net security a lot longer than I have.
DEFINITELY read the comments by Steve Smith and Sam Gentile in my last post.
And don’t miss the comments by Anil John and Andrew Duthie in my post on the RequestValidation feature in ASPNET 1.1.
There is no ONE solution to security. Threats are coming at you from many many angles. You have to protect yourself in many many ways and then you still won’t be done.
One of the points that is made in the Defenses and Countermeasures session that I am doing for DevDays is that what we are doing with all of these steps is not assuming that we are eliminating all security problems, but instead, we are continuously raising the bar for potential hackers. Making it harder and harder for them to do their deeds.
Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!