Franc Stratton's .NET (TM) Web Application, OOP, and SOA Architecture & Programming Site

A site devoted to ASP.NET (TM), SilverLight (TM) and Browser-Based WPF (TM) Applications, IIS Services, and OOP Architectures

Prudent use of cryptographic methods and types:

Personally identifiable information such as Social Security Numbers will be encrypted using only an encryption algorithm provided by the Microsoft .NET Framework. For example, a .NET Team Leadership Committee could specify that all web applications will use symmetric (shared-key) encryption with the 3DES algorithm. The Leadership Committee will designate where the encryption key will be kept, and assign access to this key.
 
Symmetric key information will be encrypted in the abstract base class BLL file (BLL.cs) if used. See "Sensitive Data" for more information.
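The 3DES encryption of a Social Security Number described above, sketched in C# with the .NET Framework's own `TripleDES` class. This is an added example, not code from this site or its BLL.cs: `SsnProtector`, its members and the Base64(IV || ciphertext) storage layout are assumptions, and the key is passed in by the caller, who loads it from the location the committee designates.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example: SsnProtector and its members are hypothetical, not the site's BLL.cs.
// CBC gives confidentiality only (no tamper detection); Aes.Create() fits the same
// pattern with a 16-byte IV.
public static class SsnProtector
{
    private const int IvSize = 8; // 3DES block size in bytes
    private static TripleDES Create3Des(byte[] key, byte[] iv)
    {
        TripleDES tdes = TripleDES.Create();
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.PKCS7;
        tdes.Key = key; // CryptographicException on a wrong-size or known weak key
        if (iv == null) tdes.GenerateIV(); else tdes.IV = iv;
        return tdes;
    }
    // Returns Base64(IV || ciphertext); every value gets a fresh random IV.
    public static string Encrypt(string ssn, byte[] key)
    {
        using (TripleDES tdes = Create3Des(key, null))
        using (ICryptoTransform enc = tdes.CreateEncryptor())
        {
            byte[] plain = Encoding.UTF8.GetBytes(ssn);
            byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            byte[] output = new byte[IvSize + cipher.Length];
            Buffer.BlockCopy(tdes.IV, 0, output, 0, IvSize);
            Buffer.BlockCopy(cipher, 0, output, IvSize, cipher.Length);
            return Convert.ToBase64String(output);
        }
    }
    // Splits the stored value back into IV and ciphertext, then decrypts.
    public static string Decrypt(string stored, byte[] key)
    {
        byte[] input = Convert.FromBase64String(stored);
        if (input.Length <= IvSize) throw new CryptographicException("Truncated value.");
        byte[] iv = new byte[IvSize];
        Buffer.BlockCopy(input, 0, iv, 0, IvSize);
        using (TripleDES tdes = Create3Des(key, iv))
        using (ICryptoTransform dec = tdes.CreateDecryptor())
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(input, IvSize, input.Length - IvSize));
    }
    public static void Main()
    {
        byte[] key; // demo key only; the real key is read from the designated key store
        using (TripleDES gen = TripleDES.Create()) key = gen.Key;
        string stored = Encrypt("000-12-3456", key); // constructed sample SSN
        Console.WriteLine(stored + " -> " + Decrypt(stored, key));
    }
}
```

Because the IV is random per value, encrypting the same SSN twice yields different stored strings, so equal ciphertexts cannot be used to spot duplicate numbers in the table.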