ASP.NET
This section describes methods of acquiring user-supplied input, ways of interacting with the user's session, potentially dangerous APIs, and security-relevant configuration options on the ASP.NET platform.
Identifying User-Supplied Data
ASP.NET applications acquire user-submitted input via the System.Web.HttpRequest class. This class contains numerous properties and methods that web applications can use to access user-supplied data. The APIs listed in Table 19.4 can be used to obtain data from the user request.
Table 19.4 APIs Used to Acquire User-Supplied Data on the ASP.NET Platform
API | Description |
Params | Parameters within the URL query string, the body of a POST request, HTTP cookies, and miscellaneous server variables are stored as maps of string names to string values. This property returns a combined collection of all these parameter types. |
Item | Returns the named item from within the Params collection. |
Form | Returns a collection of the names and values... |
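When reviewing a C# code base, the first step is to locate every place where these APIs read request data. The following is an added example, not code from the original text: a small Python helper that reports reads through the three APIs listed above. The function name, the sample C# lines, and the treatment of the `Request["name"]` indexer as the Item property are assumptions of this example.

```python
import re

# The three HttpRequest APIs listed in Table 19.4 above. Extend this
# alternation with the remaining rows of the table when auditing real code.
ACCESS = re.compile(
    r'\bRequest\s*'                              # the HttpRequest object
    r'(?:\.\s*(?P<member>Params|Form|Item)\b)?'  # optional named property
    r'\s*(?:\[\s*"(?P<key>[^"]*)"\s*\])?'        # optional ["name"] indexer
)

def find_input_reads(source):
    """Return (line_number, api, parameter_name) for each read of request data.

    parameter_name is None when the whole collection is used rather than
    one literal key, for example when iterating over Request.Params.
    """
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("//"):        # skip whole-line comments
            continue
        for match in ACCESS.finditer(line):
            member, key = match.group("member"), match.group("key")
            if member is None and key is None:
                continue                         # bare Request or an unlisted member
            # In C#, Request["x"] is the Item indexer, which reads from the
            # combined Params collection.
            findings.append((number, member or "Item", key))
    return findings

# Constructed sample input (hypothetical application code).
SAMPLE = '''\
string role = Request.Params["role"];
string id = Request["id"];
// string old = Request["legacy"];
string name = HttpContext.Current.Request.Form["name"];
string q = Request.QueryString["q"];
foreach (string k in Request.Params) { Log(k); }
'''

if __name__ == "__main__":
    for number, api, key in find_input_reads(SAMPLE):
        print(f"line {number}: {api} key={key!r}")
```

Reads reported as Params or Item deserve particular attention during review, because the combined collection does not tell the application whether a value arrived in the query string, the POST body, or a cookie.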