OWASP Top 10 for .NET developers part 8: Failure to Restrict URL Access

published Wednesday, August 03, 2011 7:53:16 PM GMT; posted by http://troyhunt.myopenid.com/ on Monday, August 01, 2011 6:39:20 AM GMT

What makes this particular risk so dangerous is that not only can it be used to very, very easily exploit an application, it can also be exploited by someone with no application security competency – it’s simply about accessing a URL they shouldn’t be.

On the positive side, this is also a fundamentally easy exploit to defend against. ASP.NET provides both simple and efficient mechanisms to authenticate users and authorise access to content. In fact, the framework wraps this up very neatly within the provider model, which makes securing applications an absolute breeze.

category: Web Dev | source: www.troyhunt.com
tags: Security, ASP.NET