Security controls in a web application

Discussion in 'ASP .Net Security' started by Big Charles, Jul 23, 2007.

  1. Big Charles

    Big Charles Guest

    Hello,

    I have developed a web application in .NET that interacts with an Oracle
    database. Now this app is being audited according to security issues of
    ISO 17799.
    I'm afraid that my web app is lacking many security controls.

    I have implemented some security controls like a login page that asks
    for userid and password in order to access the web app. Also, every
    web page calls a stored procedure when it is loaded. That SP checks whether
    the userid is allowed to access that web page.

    However, there are many other security controls that I didn't know about.
    For example, a guy asked me if the login page controls how many times
    somebody can try to log in. If somebody tries to log in more than three
    times with no success, then the user account has to be blocked for
    some time. That is in order to avoid hacking, because somebody can use
    some program to generate random passwords and try to log in over and
    over until it succeeds.

    My question is: Is there any practical guide to follow about what
    security controls must be implemented in a web application that
    interacts with a database? I think one should exist, like:

    - Passwords have to have 6 alphanumeric characters at least.
    - If the user logs in for the first time, the application has to force
    him to change his password.
    - If the user tries to log in more than three times unsuccessfully,
    then the account has to be blocked.
    - etc, etc

    Thank you very much!
     
    Big Charles, Jul 23, 2007
    #1
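
The lockout and first-login controls listed in the post above, sketched as an added example that is not part of the original thread. `LoginGate`, `LoginResult`, the 15-minute lock duration, the in-memory store and the caller-supplied `verifyPassword` delegate are all assumptions made for illustration; the threshold of three follows the post.

```csharp
using System;
using System.Collections.Generic;

public enum LoginResult { Success, MustChangePassword, BadCredentials, LockedOut }

// Hypothetical helper: state is kept in memory here; a real application would
// persist it (for example in the same database that holds the user accounts).
public sealed class LoginGate
{
    private sealed class State { public int Failures; public DateTime LockedUntilUtc; public bool PasswordChanged; }

    private const int MaxFailures = 3;                                    // threshold from the post
    private static readonly TimeSpan LockTime = TimeSpan.FromMinutes(15); // assumed duration
    private readonly Dictionary<string, State> _state =
        new Dictionary<string, State>(StringComparer.OrdinalIgnoreCase);
    private readonly object _sync = new object();

    // verifyPassword is supplied by the caller (e.g. a salted-hash comparison).
    // State is tracked per submitted userid, whether or not the account exists,
    // so the responses do not reveal which userids are real.
    public LoginResult TryLogin(string userId, Func<bool> verifyPassword, DateTime nowUtc)
    {
        lock (_sync)
        {
            State s;
            if (!_state.TryGetValue(userId, out s)) { s = new State(); _state[userId] = s; }

            // Check the lock first so a locked account never reaches password verification.
            if (nowUtc < s.LockedUntilUtc) return LoginResult.LockedOut;

            if (!verifyPassword())
            {
                s.Failures++;
                if (s.Failures > MaxFailures)          // "more than three times"
                {
                    s.LockedUntilUtc = nowUtc + LockTime;
                    s.Failures = 0;                    // fresh count once the lock expires
                }
                return LoginResult.BadCredentials;
            }
            s.Failures = 0;                            // a successful login clears the counter
            return s.PasswordChanged ? LoginResult.Success : LoginResult.MustChangePassword;
        }
    }

    public void MarkPasswordChanged(string userId)
    {
        lock (_sync) { State s; if (_state.TryGetValue(userId, out s)) s.PasswordChanged = true; }
    }
}
```

A page handler would call `TryLogin` before issuing any session, redirect to a change-password form on `MustChangePassword`, and show the same generic failure message for `BadCredentials` and `LockedOut`.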