Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ASP vs. ASP.NET

from [exon] Network Security [Permanent Link]
Subject: Re: ASP vs. ASP.NET
Date: Wed, 13 Oct 2004 11:57:17 +0200
Anil John wrote: 
You can write insecure code in pretty much any language and platform of your
choice..

I much prefer C or asm for writing insecure code. That way you can also be somewhat sure that the code you write won't behave differently because someone fixes something in the underlying engine.

If you are focusing on writing secure web applications using
ASP.NET, I would suggest that you check out the following resources:

Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
ml/secnetlpMSDN.asp?frame=true

Improving Web Application Security: Threats and Countermeasures
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
ml/ThreatCounter.asp

Both provide specific and actionable ways to write secure ASP.NET
applications.

Regards,

- Anil

--------------------------------------------------------------
-- http://SecureCoder.com
-- Architecture & Security in an Imperfect World -------------------------------------------------------------- 

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN@libertis.ga]
Sent: Friday, October 08, 2004 4:06 AM
To: webappsec@securityfocus.com
Subject: ASP vs. ASP.NET

Hi list!

I was wondering if if was a real lack of security developping nowadays in
ASP instead of ASP.NET. According to some people, if everything is well
written and the web server fully patched and uptodate, ASP is quite good.
For others ASP.NET is really more powerfull than ASP and the latter is
old-fashuined ...

So what about you, MS users ?

Thanks !





[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: aspx applictions SQL Injection, Bénoni MARTIN
Next by Date:  Re: Web Forms filtered with SQL constraints, Emil Filipov
Previous by Thread:  RE: ASP vs. ASP.NET, Anil John
Next by Thread:  RE: ASP vs. ASP.NET, Calderon, Juan Carlos (GE Commercial Finance, NonGE)
Indexes:  [Date] [Thread] [Top] [All Lists]