This tool is another one on the side of protection, again for web-based applications but this time for .NET applications it’s called .NETIDS (.NET Intrusion detection System). This tool is capable of detecting on attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs to react on possible intrusions which may vary from logging to warning or redirecting the user.

The goal of this project is to provide am additional layer of protection to any .NET application this project is used with. This also includes the detection of XSS, directory traversal, SQL injections, protection against overwriting JS objects and methods, advanced logging functions, categorization and tagging of the single filter rules and interfaces for reacting on possible intrusions.

.NET IDS is a actually a port of PHPIDS, which we’ve mentioned before, to the .NET Framework. The library is fully CLS compliant and implements exactly the same filtering sets as the PHP version.

.NETIDS can be used in three ways.

The first method is by inheriting your ASP.NET pages from the SecurePage class. This offers an easy and customizable way to scan page input. If you are relatively new to the .NET Framework this is the simplest way to secure your applications.

The second method is more customizable but harder to implement for novice programmers and involves working directly with the IDS objects.

The third method (available in the upcoming release) is by using the supplied HttpModule.

You can find the documentation here:

http://www.the-mice.co.uk/dotnetids/docs/

You can download .NET IDS v.0.1.3.0 here:

dotnetids-bin-0_1_3_0.zip

Or you can read more here.

If your familiar with asp.net, you’ll know the feeling of wasting hours searching through countless settings to get an app working, and then the many more hours it takes to tweak IIS to get your site running smoothly. But this is nothing compaired to getting authentication and domain controllers properly integrated. On Microsofts asp.net newsgroup the biggest single security issue mentioned is user error and bad setup, sometimes allowing things as stupid as anonymous users having full control of a web app.

4GuysFromRolla regular .net author Scott Mitchell has written a kick-ass guide to all things membership and role based, and if your producing an intranet or just a large webapp you will want to take a look. Allowing .net to manage your permissions and users can not only save you time, but takes out some of the many errors that can sneak in when your managing a large sites security manually.

Im a tinkerer. I can’t say I’m expert in anything more than ASP and MSSQL, but I make a point of playing and learning anything new and wanky. I’ve tweaked dBase, fiddled with Python, installed Apache, destroyed MS2003 server, plugged in SUN boxes, screamed at VisualStudio, urinated on Fedora, set fire too Game Maker, avoided Ajax, winked at Web2.0, beat the crap out of Oracle, been mentally scarred by DreamWeaver and made mad passionate love to ASP.net.

Bottom line, if it exists, I’ve probably played with it. My main expertise lies in Microsoft web and database technologies, namely ASP, anything .net, mssql(From 6.5 up to 2005) and associated web technologies. I spend 80% of my time on an intranet, the other 20% on our outward facing sites, and the other 20% my boss imagines I have, working on private projects. In my spare time I play some mmorpgs, spend time with my wife, work on some websites(Except my own), and I’m currently building a huge crossbows and catapults set for fun and the possible destruction of my flat.