لطفا منتظر باشید ...
Code Audit Fast Track
Handling Malicious Input
Identifying Input Sources
Does the application properly identify all possible sources of user input, including less obvious and secondary input sources?
Programming Defensively
Does the application assign filtered user input to variables to distinguish it from the raw data?
When using VB.NET, does the application use Option Explicit and Option Strict?
Does the application use centralized filtering functions on all user input?
Does the application avoid using the generic Request collection when gathering user input?
Constraining Input
Bounds Checking
Does the application use validator controls to validate form input if a page posts back to itself?
Does the application avoid enforcing security through client-side _validation?
Pattern Matching
Does the application use regular expressions to either block known bad data or allow only known good data?
Does the application use regular expressions to identify malicious keywords or other patterns?
Data Reflecting
Does the application reflect data using trusted system functions to prevent attacks such as directory traversal?
Does the application always work with the reflected path in subsequent operations?
Encoding Data
Does the application use HtmlEncode to encode all strings for browser output?
Does the application use UrlEncode to encode all URL strings for output?
Does the application use UrlPathEncode to encode the path portion of all URLs for output?
Encapsulating
Does the application use hashes to encapsulate data for safe handling?
Does the application convert hashes to hex values to create a safe alphanumeric string?
Parameterizing
Does the application use parameterizing to fix the context and scope of user data?
Does the application combine parameterization with other filtering techniques to prevent directory traversal?
Double Decoding
Does the application use double decoding to detect multiple layers of encoding?
Does the application reject all requests that contain more than one layer of encoding?
Syntax Checking
Does the application check the final syntax of any string that is based on user input?
Exception Handling
Does the application take advantage of the robust error handling features in ASP.NET?
Does the application check return results to be sure they are consistent with what is expected?
Honey Drops
Does the application use honey drops in the database to detect SQL injection attacks?
Does the application use honey drops in the file system to detect file system access?
Does the application use honey drops in your source code to detect server-side code access?
Limiting Exposure to Malicious Input
Reducing the Attack Surface
Does the application reduce the attack surface of the application to limit exposure to hackers?
Does the application avoid showing unused query string parameters?
Is the code devoid of any testing, debug, or other dead code?
Does the application use static content in application demos?
Does the application limit access to administration or other private modules?
Is the production server devoid of sample code?
Did any third party components undergo a thorough security audit?
Limiting Attack Scope
Does the application use the principle of least privilege to limit the access of Web users?
Does the application avoid storing passwords, private comments, or other sensitive information in server-side code?
Hardening Server Applications
Does the application use the MaxRequestEntityAllowed and AspMaxRequestEntityAllowed metabase settings to limit overall length of a request?
Does the application use the MaxFieldLength, MaxRequestBytes, UrlSegmentMaxLength, and UrlSegmentMaxCount registry settings to limit the length of specific parts of a request?
Does the application use the EnableNonUTF8 and PercentUAllowed registry keys to limit valid characters in a request?
