If your familiar with asp.net, you’ll know the feeling of wasting hours searching through countless settings to get an app working, and then the many more hours it takes to tweak IIS to get your site running smoothly. But this is nothing compaired to getting authentication and domain controllers properly integrated. On Microsofts asp.net newsgroup the biggest single security issue mentioned is user error and bad setup, sometimes allowing things as stupid as anonymous users having full control of a web app.
4GuysFromRolla regular .net author Scott Mitchell has written a kick-ass guide to all things membership and role based, and if your producing an intranet or just a large webapp you will want to take a look. Allowing .net to manage your permissions and users can not only save you time, but takes out some of the many errors that can sneak in when your managing a large sites security manually.
- Shadow Daemon – Web Application Firewall
- OWASP Zed Attack Proxy – Integrated Penetration Testing Tool
- Web Security Dojo 2.0 – Self-Contained Web Hacking Training
- OpenFISMA – FISMA Compliance & Risk Management Application
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- Hacker Posts List of Compromised User Accounts Online
Most Read in Web Hacking: