Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is .NET less vulnerable to application security hacks?

Does coding in .NET prevent you from being vulnerable to common application hacks such as SQL injection and cross-site scripting (XSS)? SearchSoftwareQuality.com's application security expert, Caleb Sima, responds.

Does coding in .NET prevent me from being vulnerable to common application hacks such as SQL injection and cross-site scripting?
.NET actually does help you from being vulnerable to cross-site scripting, or XSS. The web.config file has page validation turned on by default, which will return an error anytime input is seen to contain script. This is a nice feature, as it shows how building security into the language can help in cutting down security holes drastically.

As for SQL injection, unfortunately there is no easy solution. The remediation for SQL injection is the same for .NET as it is with any other language. Validate user input and use parameterized queries. As is the case with.NET and XSS, I predict a solution will also end up being integrated right into the language so that anytime developers make calls to the database this will all be done automatically to ensure secure code.

More information:
* ASP.NET tool upgrade: Compuware releases SecurityChecker 2.5
* Discover the power of .NET's code access security
* Developing secure .NET applications

Dig Deeper on Building security into the SDLC (Software development life cycle)

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.