Hacking the Code: ASP.NET Web Application Security

Chapter 1: Managing Users

Introduction

Users are generally a large component of Web applications and a focus point for a Web application s security. In fact, much of a Web application s security is intended to protect users and their private information.

Every Web application has different levels of risk and sensitivity. You must assess this risk in your organization to determine how much emphasis you put on user security. How you build your Web application will greatly affect how your users participate in security. Your users may or may not take security as seriously as you want them to, but as a security professional, it is your job to ensure that the data is properly protected.

Consider a magazine s online article archive that is available to authenticated subscribers. The owners want to protect their copyrighted content, so they require users to authenticate to gain access to certain articles. However, readers will not store personal information on the site, and they might not be careful with security, perhaps even sharing their login information with friends to allow them to gain access to protected articles.

Perhaps more often, users are more concerned about security than are the Web site operators. Too many companies do not put a great emphasis on security until after it is too late. In March 2001, the Federal Bureau of Investigation (FBI) National Infrastructure Protection Center (NIPC) issued an advisory that hackers were targeting e-commerce and e-banking Web sites, stealing credit card information, and attempting to extort money from the site owners. The...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Security Services
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.