Never trust data provided to your app by an outside source. How many times have you heard this? Yet, time and again, we learn of new and exciting ways for hackers to penetrate applications, operating systems, and even entire networks. While it is true that most common languages protect you from long-standing exploits such as buffer overrun attacks, the new breed of connected web apps has brought with it a new breed of exploits.
In this chapter, we will take a look at using the data validation attributes found in the System.ComponentModel.DataAnnotations namespace to validate data submitted to our app. We will then look at the tools provided to us by the ASP.NET MVC 4 framework used to help prevent Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks.
At the end of this chapter, you really need to remember only one rule. It's the one already stated, but it bears repeating: never, never, never, ever trust data provided to our app by an outside source...