Summary
The objective of this Drill is to teach you how to defend your web application against attacks from malicious users. You will learn how to prevent attacks caused by malicious input on web forms, including those based on techniques such as SQL injection or cross-site scripting (XSS). The Drill also teaches you how to defend against unauthorized access to resources in your application.
Audience
This Drill is for developers who want to learn about and defend against some of the common attacks that web applications face from malicious users.
What you'll learn
After taking this Drill, you will be able to implement various techniques in web applications to correctly validate any input received via web forms, and to protect against SQL injection, cross-site scripting, canonicalization, denial of service, and view state attacks. You will also understand why preventing these types of attacks is so important.
What you need to know
We assume that you’re already familiar with the concepts of programming and that you have some experience with Visual Studio 2005. For this particular Drill, you’ll also need to be comfortable with Visual C# or Visual Basic syntax and HTML. Although not essential, experience in object-oriented development and server page technology, and basic knowledge of SQL Server and the T-SQL language, would also be useful.