Recognition and prevention of hacking of a MVC ASP.net website

Question

0.00/5 (No votes)

See more:

Hello!
I'm going to build a website in ASP.net MVC4.
I want to know how to shield my site from hacking. What kind of things do I have to do to avoid being hacked. One thing I'm especially interested in is how to harden my code to fend off hacking attacks.

Thanks for any pointers in the right direction!

Posted 3-Aug-13 10:21am

Member 8454063

Updated 13-Dec-18 12:46pm

Manfred Rudolf Bihy

v2

Add a Solution

Comments

Manfred Rudolf Bihy 3-Aug-13 16:30pm

The way you formulated your original question was not acceptable, as we don't offer any active advice on how hacking can be done. You'll have to research that for yourself. Advice on how to harden your code will be given more freely, so I decided to reformulate your question. I hope you don't mind my doing so.

Regards,

Manfred

[no name] 3-Aug-13 16:35pm

https://www.owasp.org/index.php/Main_Page

Manfred Rudolf Bihy 3-Aug-13 16:36pm

You can post links in comments, but you'll have to type in the anchor tag by hand. Just copy and paste won't work in the comments Editor.

Cheers!

Patrice T 21-May-19 14:52pm

Easier: type in the empty solution, it does all needed for the link;
Then cut/paste to comment.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Manfred Rudolf Bihy · Answer 1 · 2013-08-03T10:34:00

Solution 1

One Thing you should definitely look into is SQL-Injection[^]. This technique can be easily thwarted by using parameterized SQL statements[^].

Regards,

— Manfred

Posted 3-Aug-13 10:34am

Manfred Rudolf Bihy

Updated 3-Aug-13 10:35am

v2

Comments

Member 8454063 4-Aug-13 10:42am

yes i know . for example i know when i set JsonRequestBehavior on AllowGet , its open for Hijacking .
but how can i solve it?

public ActionResult MyAction(string str)
{

var result = MYClass.GetNumber(str);
return Json(result, JsonRequestBehavior.AllowGet);

}