Web Site Security - Bob Walker

Bob Walker

Web Site Security

A collection of 4 posts

Secure Development

Use ExceptionFilter to hide errors in your WebApi

One of the more common security mistakes is exposing too much information to our users. In the beginning of ASP.NET we had the famous "yellow screen of death." This screen was helpful to the developers trying to debug the program, it contained the error message, the stack

Secure Development Featured

Use ActionFilters to lock down ASP.NET WebAPI

Action filters are one of those little used but powerful features of the ASP.NET MVC and ASP.NET WebAPI stack. Most people have heard of them or are at the very least aware of them, but few have taken the time to learn them. Outside of exception handling, the

.NET Secure Development

Protect Your Cookies from XSS

One of the more favorite attacks with Cross Site-Scripting (XSS) is to hijack another user's session. This attack is known as session hijacking (shocking!). When it boils down to it, session hijacking is no different than you using a public computer and forgetting to sign-out and another person

Secure Development

Prevent XSS Exploits - Content Security Policy Header

Ahh XSS exploits. A nice buzzword in security conferences and classes. It sounds so cool and mysterious with the X in the front. But what is it really? How can it possibly harm my site and my users. It is actually pretty simple when it comes down to it. A