4.2 Why do String/string data types play an important role in web applications that use the HTTP/HTTPS protocol? (Not sure about this question.)

HTTP/HTTPS is a protocol used to transfer messages between the web client and the web server. The string data type is immutable, which means that once string objects are created they cannot be changed, and string operations such as using + to concatenate strings are highly optimized and in most cases do not significantly impact performance.

5.1 Briefly describe how ASP.NET is designed to combat SQL injection and Session Hijacking.

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

Prevention for SQLI:
1. Input validation, which is the practice of writing code that can identify illegal user inputs.
2. A web application firewall is commonly employed to filter out SQLI.

A session attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the web server. This compromise of the session token can occur in different ways.

Prevention for session attack:
The best way to prevent session hijacking is enabling the protection from the client side: the user should have efficient antivirus and anti-malware software, and should keep the software up to date.
There is a technique that uses engines which fingerprint the requests of a session. In addition to tracking the IP address and SSL session ID, the engines also track the HTTP headers. Each change in the header adds penalty points to the session, and the session gets terminated as soon as the points exceed a certain limit. This is effective because when an intrusion occurs, it will have a different HTTP header order.

5.2 How is ASP.NET Identity implemented in the default web applications generated by Visual Studio 2017?

Below is a step-by-step introduction to the implementation:
1. Create an ASP.NET MVC application with "individual user account" authentication.
2. The created project contains the following three packages for ASP.NET Identity:
Microsoft.AspNet.Identity.EntityFramework
Microsoft.AspNet.Identity.Core
Microsoft.AspNet.Identity.Owin
The first package has the Entity Framework implementation of ASP.NET Identity, which will persist the ASP.NET Identity data and schema to SQL Server.
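
The penalty-point session fingerprinting described under 5.1, shown in C# as an added example (it is not part of the original document and is not ASP.NET's own code). The class names, the point weights and the limit are assumptions; the text only says that each change adds points and that the session ends once a limit is exceeded.

```csharp
using System;
using System.Linq;

// Constructed example: class names, weights and the limit are assumptions, not ASP.NET APIs.
public sealed class Fingerprint
{
    public readonly string Ip, TlsSessionId;
    public readonly string[] HeaderOrder;   // header names in the order the client sent them
    public Fingerprint(string ip, string tlsSessionId, params string[] headerOrder)
    {
        Ip = ip; TlsSessionId = tlsSessionId; HeaderOrder = headerOrder;
    }
}

public sealed class SessionScorer
{
    private const int IpPenalty = 40, TlsPenalty = 20, HeaderPenalty = 50, Limit = 100;
    private Fingerprint _last;
    public int Penalty { get; private set; }
    public bool Terminated { get { return Penalty > Limit; } }

    public SessionScorer(Fingerprint atLogin) { _last = atLogin; }

    // Score one request against the previous one; returns false once the session must end.
    public bool Observe(Fingerprint req)
    {
        if (Terminated) return false;                 // a terminated session stays terminated
        if (req.Ip != _last.Ip) Penalty += IpPenalty;
        if (req.TlsSessionId != _last.TlsSessionId) Penalty += TlsPenalty;
        if (!req.HeaderOrder.SequenceEqual(_last.HeaderOrder, StringComparer.OrdinalIgnoreCase))
            Penalty += HeaderPenalty;
        _last = req;                                  // penalise changes, not the new steady state
        return !Terminated;
    }
}

public static class Demo
{
    public static void Main()
    {
        var s = new SessionScorer(new Fingerprint("203.0.113.10", "tls-a1", "Host", "User-Agent", "Accept", "Cookie"));
        // Constructed requests. Same browser, same network: nothing changes.
        Console.WriteLine(s.Observe(new Fingerprint("203.0.113.10", "tls-a1", "Host", "User-Agent", "Accept", "Cookie")));
        // Same browser after a network switch: IP and TLS session change, header order does not.
        Console.WriteLine(s.Observe(new Fingerprint("198.51.100.7", "tls-b2", "Host", "User-Agent", "Accept", "Cookie")));
        // Session cookie replayed by a different client: all three signals change at once.
        Console.WriteLine(s.Observe(new Fingerprint("192.0.2.44", "tls-c3", "Host", "Cookie", "Accept", "User-Agent")));
        Console.WriteLine("penalty=" + s.Penalty + " terminated=" + s.Terminated);
    }
}
```

Points in this example never decay, so a user who changes network repeatedly would eventually be logged out; the text does not say how a real engine handles that.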