Input Validation Resources for ASP.NET

Anil John points out some good resources for dealing with input in ASP.NET:

 

One of the basic tenets of secure coding is that ALL input is EVIL and should be validated and sanitized before being allowed into the application.  This is also definitely an area where a lot of mistakes can be made.

 

The PAG folks have written a set of modular How-To's to tackle the finer points of injection attacks and as such implement effective input validation in your ASP.NET Applications. The guidance covers both .NET 1.1 and 2.0.

 

Check them out:

 

• • How To-Protect from Injection Attacks in ASPNET
  • How To-Use Regular Expressions to Constrain Input in ASP.NET
  • How To-Protect from SQL Injection in ASP.NET
  • How To-Prevent Cross-Site Scripting in ASP.NET

 

Very important information…read it, and live it.