4.2why do String/string data types play an important role in web
applications that use the HTTP/HTTPS protocol?(not sure for this issue)
HTTP/HTTPS protocol is a protocol used to transfer message between web client and web server,
the string data type is immutable, which means once the string objects are created they cannot
be changed, and the string operation like + to concatenate strings are highly optimized, in most
case do not significantly impact performance.
5.1 Briefly describe how ASP.NET is designed to combat SQL injection
and Session Hijacking.
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for
backhand database, manipulation to access information that was not intended to be displayed,
this information may include any number of items, including sensitive company data, user lists or
private customer details.
Prevention for SQLI:
1.
input validation, which is the practice of writing code that can identity illegal user inputs.
2.
A web application firewall is commonly employed to filter out SQLI.
Session attack compromises the session token by stealing or predicting a valid session token to
gain unauthorized access to the webserver, this compromising of session token can occur in
different ways.
Prevention for session attack:
The best way to prevent session hijacking is enabling the protection from the client side, the user
should have efficient antivirus, anti‐malware software, and should keep the software up to date.
There is a technique that uses engines which fingerprints a requests of a session, in addition to
tracking the IP address and SSL session id, the engines also track the http headers, each change in
the header adds penalty points to the session and the session gets terminated as soon as the
points exceeds a certain limit, this is effective because when intrusion occurs, it will have a
different http header order.
5.2 how is asp.net identity implemented in the default web
applications generated by visual studio 2017?
The blow is the step by step introduction on how is the implementation:
1.
create an ASP.NET MVC application with”individual user account” authentication
2.
The created project contains the following three packages for ASP.NET identity:
Microsoft.AspNet.Identity.EntityFramework
Microsoft.AspNet.Identity.core
Microsoft.AspNet.Identity.OWIN
The first package has the entity framework implementation of ASP.NET identity which will persist
the ASP.NET identity data and schema to SQL server.
You've reached the end of your free preview.
Want to read all 16 pages?
- One '17
