Summary
In this chapter, we learned how to safeguard our code by understanding what sensitive data is and how to secure it using authentication, authorization, and SSL-enabled connections.
In the second part of this chapter, we reviewed some common standards in the industry, such as logging, keeping our frameworks and libraries up to date, and always redirecting to SSL-enabled sites. After that, we learned to never trust client data: we should validate, filter, and sanitize it, and always encode it. We also learned not to announce to the world what server and version we're running, by removing identifying headers and adding security headers. We even created a reusable security middleware component.
We also touched on encrypting database columns with SQL Server, why it's important to protect fields proactively, and why creating a custom encryption algorithm should be avoided. We also learned how to avoid cross-site request forgery by using anti-forgery tokens.
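As an added illustration of the reusable security middleware idea (this is example code written for this summary, not the chapter's own component), the following ASP.NET Core middleware strips the identifying `X-Powered-By` header and sets a conservative set of security headers. The class and extension-method names (`SecurityHeadersMiddleware`, `UseSecurityHeaders`) are assumptions, and the example assumes Kestrel as the server, whose own `Server` header has to be disabled through `AddServerHeader` rather than in middleware.

```csharp
// Added example, not the chapter's code: a minimal ASP.NET Core middleware
// that removes identifying headers and adds common security headers.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;

public class SecurityHeadersMiddleware
{
    private readonly RequestDelegate _next;

    public SecurityHeadersMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        // OnStarting runs just before the first byte of the body is written,
        // which is the last moment response headers can still be changed.
        context.Response.OnStarting(() =>
        {
            var headers = context.Response.Headers;

            // Identifying headers: remove anything that reveals the stack.
            // (Kestrel adds "Server: Kestrel" at write time, so that one is
            // switched off via AddServerHeader = false below, not here.)
            headers.Remove("X-Powered-By");
            headers.Remove("Server");

            // Hardening headers; tighten or loosen the CSP for the real app.
            headers["X-Content-Type-Options"] = "nosniff";
            headers["X-Frame-Options"] = "DENY";
            headers["Referrer-Policy"] = "no-referrer";
            headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains";
            headers["Content-Security-Policy"] = "default-src 'self'; frame-ancestors 'none'";

            return Task.CompletedTask;
        });

        await _next(context);
    }
}

public static class SecurityHeadersExtensions
{
    // Assumed helper name so Program.cs reads app.UseSecurityHeaders();
    public static IApplicationBuilder UseSecurityHeaders(this IApplicationBuilder app)
        => app.UseMiddleware<SecurityHeadersMiddleware>();
}

// Program.cs wiring (minimal hosting model):
//
// var builder = WebApplication.CreateBuilder(args);
// builder.WebHost.ConfigureKestrel(o => o.AddServerHeader = false); // no "Server: Kestrel"
// var app = builder.Build();
// app.UseHttpsRedirection();   // always redirect to the SSL-enabled site
// app.UseSecurityHeaders();    // register early so every response is covered
// app.MapGet("/", () => "hello");
// app.Run();
```

Registering the middleware before `MapGet`/`MapControllers` means static files and error responses get the headers too; a quick check after deployment is `curl -I https://your-host/` and confirming that no `Server` or `X-Powered-By` line appears while the hardening headers do.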
Finally, we examined...