ASP.NET Security Tutorials

This ASP.NET Security tutorial explains how to control path composition to protect ASP.NET web application from directory traversal vulnerability in VB.NET.

There is a threat for file access named path canonicalization. Canonicalization is a process for converting data in standard (or canonical) form and it refers to the action that builds a path in a safe form. [...]

This ASP.NET Security tutorial explains how to handle and display user input to protect ASP.NET web application from XSS in VB.NET.
Cross site scripting (or XSS) is the most insidious kind of attack because it’s quite often invisible at first glance.  XSS is based on some code (markup or JavaScript) that is injected into your page. The [...]

This ASP.NET Security tutorial explains how to monitor and block bad requests in ASP.NET in VB.NET.
You can use approach described in the article How to handle improper parameter values in ASP.NET in VB.NET to create a blocking engine to handle and improve parameter values. You should manage invalid requests and notify the client about any invalid [...]

This ASP.NET Security tutorial explains how to handle improper parameter values in ASP.NET in VB.NET.
You should take care about the values coming with the HTTP requests, because improper values are dangerous. These values can alter behavior of your application, generate runtime exceptions, and expose the error details to an attacker. You need to inspect these values [...]

This ASP.NET Security tutorial explains how to use encrypted URL queries in ASP.NET in VB.NET.

The article How to hide URL query information in ASP.NET in VB.NET describes a class named EncryptedQueryString which is used in the next example to illustrate how you can use it in your projects. You have to build two web [...]