Ideas for Improving ASP and ASP.NET Web Application Security - Part 2
page 5 of 11
by Brett Burridge

Limit the number of login attempts

Because web applications are publicly reachable and automated HTTP scripting is easy, it is relatively simple to write a script that guesses website login credentials automatically. The task is made even easier if the malicious user already knows a valid login name, or if the website does not enforce strong passwords (case-sensitive, mixed-case passwords, or passwords that include non-alphanumeric characters).

For this reason, each session should have a limit on the number of failed login attempts. Since most automated HTTP scripting tools do not maintain sessions, the number of failed login attempts from a given IP address within a given time period should also be capped.

Monitoring the IIS web server log files for signs of repeated failed login attempts is also highly recommended. A utility such as Microsoft's Log Parser (http://www.logparser.com/) can be used for this.
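The kind of check the article recommends running over the IIS logs, as an added C# example that is not code from the article or from Log Parser: it parses W3C extended log lines using the "#Fields:" directive, then reports client IPs that POST to the login page at least a threshold number of times inside a sliding window. The sample log lines, the login path "/login.aspx", the window and the threshold are all constructed for the demonstration; the Log Parser query in the comment is my rendering of the equivalent query, not text from the article.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;

// Added example, not code from the original article. Scans IIS W3C extended
// log lines for client IPs that POST to the login page at least 'threshold'
// times within any interval of length 'window'. The sample lines are
// constructed; real logs carry the same "#Fields:" directive, which the parser
// uses to locate columns by name rather than by position.
//
// The equivalent query in Microsoft Log Parser (IISW3C input format) would be
// roughly:
//   LogParser -i:IISW3C "SELECT c-ip, COUNT(*) AS Hits FROM ex*.log
//     WHERE cs-uri-stem = '/login.aspx' AND cs-method = 'POST'
//     GROUP BY c-ip HAVING Hits > 20 ORDER BY Hits DESC"
public static class LoginLogScanner
{
    public sealed class Hit
    {
        public DateTime When;
        public string ClientIp;
    }

    public static List<Hit> Parse(IEnumerable<string> lines, string loginPath)
    {
        var hits = new List<Hit>();
        string[] fields = null;
        foreach (string raw in lines)
        {
            if (raw.StartsWith("#Fields:", StringComparison.Ordinal))
            {
                fields = raw.Substring("#Fields:".Length).Trim().Split(' ');
                continue;
            }
            if (raw.StartsWith("#", StringComparison.Ordinal) || fields == null) continue;

            string[] cols = raw.Split(' ');
            if (cols.Length != fields.Length) continue;  // malformed line: skip rather than crash
            var row = new Dictionary<string, string>();
            for (int i = 0; i < fields.Length; i++) row[fields[i]] = cols[i];

            string method, uri;
            if (!row.TryGetValue("cs-method", out method) || !row.TryGetValue("cs-uri-stem", out uri)) continue;
            if (!string.Equals(method, "POST", StringComparison.OrdinalIgnoreCase)) continue;
            if (!string.Equals(uri, loginPath, StringComparison.OrdinalIgnoreCase)) continue;

            // IIS writes the date and time columns in UTC.
            DateTime when = DateTime.ParseExact(row["date"] + " " + row["time"],
                "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal);
            hits.Add(new Hit { When = when, ClientIp = row["c-ip"] });
        }
        return hits;
    }

    // For each IP, the largest number of login POSTs that fall inside a single
    // window of the given length; only IPs at or above the threshold are returned.
    public static Dictionary<string, int> FindRepeatOffenders(List<Hit> hits, TimeSpan window, int threshold)
    {
        var result = new Dictionary<string, int>();
        foreach (var group in hits.GroupBy(h => h.ClientIp))
        {
            List<DateTime> times = group.Select(h => h.When).OrderBy(t => t).ToList();
            int best = 0, start = 0;
            for (int end = 0; end < times.Count; end++)
            {
                while (times[end] - times[start] > window) start++;  // slide the window forward
                best = Math.Max(best, end - start + 1);
            }
            if (best >= threshold) result[group.Key] = best;
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample log using TEST-NET addresses; 203.0.113.7 hammers the login page.
        string[] sample =
        {
            "#Software: Microsoft Internet Information Services",
            "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
            "2024-05-18 10:00:01 203.0.113.7 POST /login.aspx 200",
            "2024-05-18 10:00:02 203.0.113.7 POST /login.aspx 200",
            "2024-05-18 10:00:02 198.51.100.9 GET /login.aspx 200",
            "2024-05-18 10:00:03 203.0.113.7 POST /login.aspx 200",
            "2024-05-18 10:00:05 198.51.100.9 POST /login.aspx 302",
            "2024-05-18 10:00:06 203.0.113.7 POST /login.aspx 200",
            "2024-05-18 10:30:00 203.0.113.7 POST /login.aspx 200",
        };
        var offenders = FindRepeatOffenders(Parse(sample, "/login.aspx"), TimeSpan.FromMinutes(5), 3);
        foreach (var kv in offenders)
            Console.WriteLine("{0}: {1} login POSTs within 5 minutes", kv.Key, kv.Value);
    }
}
```

The scanner counts POSTs to the login page regardless of status code, because a failed Forms Authentication login normally re-renders the page with a 200 while a success redirects with a 302, so the status column alone does not distinguish the two reliably. Counting per sliding window rather than per log file keeps a slow, spread-out probe from hiding inside a day's normal traffic.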

It may also be worth temporarily or permanently disabling the accounts of users that accumulate a large number of failed login attempts within a specific time period.
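One way to implement the per-session, per-IP and per-account limits described above, as an added C# example rather than code from the article: failures are timestamped under three keys and only those inside a sliding window are counted, so a scripted client that discards cookies and gets a fresh session on every request is still caught by the IP counter. The class takes plain strings so it does not depend on System.Web; in an ASP.NET page the values would come from Session.SessionID, Request.UserHostAddress and the submitted user name. The thresholds, the 15-minute window and the sample session IDs and addresses are all hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;

// Added example, not code from the original article. A failed-login throttle
// that enforces three limits over a sliding time window: per session, per
// client IP and per account. All thresholds used below are hypothetical and
// should be tuned per application.
public sealed class LoginAttemptLimiter
{
    private readonly int _maxPerSession;
    private readonly int _maxPerIp;
    private readonly int _maxPerAccount;
    private readonly TimeSpan _window;

    // Failure timestamps, keyed with a "session:", "ip:" or "account:" prefix.
    private readonly ConcurrentDictionary<string, List<DateTime>> _failures =
        new ConcurrentDictionary<string, List<DateTime>>();

    public LoginAttemptLimiter(int maxPerSession, int maxPerIp, int maxPerAccount, TimeSpan window)
    {
        _maxPerSession = maxPerSession;
        _maxPerIp = maxPerIp;
        _maxPerAccount = maxPerAccount;
        _window = window;
    }

    // Call before checking the password. False means reject the request
    // without consulting the credential store at all.
    public bool IsAllowed(string sessionId, string clientIp, string userName, DateTime now)
    {
        return CountRecent("session:" + sessionId, now) < _maxPerSession
            && CountRecent("ip:" + clientIp, now) < _maxPerIp
            && CountRecent("account:" + userName.ToLowerInvariant(), now) < _maxPerAccount;
    }

    // Call after a credential check fails; every key the request touches is charged.
    public void RecordFailure(string sessionId, string clientIp, string userName, DateTime now)
    {
        Record("session:" + sessionId, now);
        Record("ip:" + clientIp, now);
        Record("account:" + userName.ToLowerInvariant(), now);
    }

    // Call after a successful login so the account's counter is reset. The IP
    // counter is deliberately left alone so one success does not clear a noisy address.
    public void RecordSuccess(string userName)
    {
        List<DateTime> ignored;
        _failures.TryRemove("account:" + userName.ToLowerInvariant(), out ignored);
    }

    private void Record(string key, DateTime now)
    {
        List<DateTime> list = _failures.GetOrAdd(key, _ => new List<DateTime>());
        lock (list) { list.Add(now); }
    }

    private int CountRecent(string key, DateTime now)
    {
        List<DateTime> list;
        if (!_failures.TryGetValue(key, out list)) return 0;
        lock (list)
        {
            list.RemoveAll(t => now - t > _window);  // forget failures outside the window
            return list.Count;
        }
    }

    // Stand-alone demonstration with constructed session IDs, addresses and times.
    public static void Main()
    {
        var limiter = new LoginAttemptLimiter(5, 20, 10, TimeSpan.FromMinutes(15));
        DateTime t = new DateTime(2024, 5, 18, 11, 0, 0, DateTimeKind.Utc);

        // Five failures from one session exhaust that session's budget.
        for (int i = 0; i < 5; i++)
            limiter.RecordFailure("sess-A", "203.0.113.7", "alice", t.AddSeconds(i));
        Console.WriteLine("same session allowed: " + limiter.IsAllowed("sess-A", "203.0.113.7", "alice", t.AddSeconds(5)));

        // A client that drops cookies gets a fresh session each time, but the IP
        // counter still sees every attempt and reaches its cap.
        for (int i = 0; i < 15; i++)
            limiter.RecordFailure("sess-" + i, "203.0.113.7", "alice", t.AddSeconds(10 + i));
        Console.WriteLine("new session, same IP allowed: " + limiter.IsAllowed("sess-new", "203.0.113.7", "bob", t.AddSeconds(30)));

        // Once the window has elapsed the counters decay and the address is admitted again.
        Console.WriteLine("after window allowed: " + limiter.IsAllowed("sess-new", "203.0.113.7", "bob", t.AddMinutes(16)));
    }
}
```

Two caveats a practitioner would want: Request.UserHostAddress is the address of whatever connected to IIS, so behind a proxy or load balancer every client shares one IP and the per-IP cap must be keyed from a forwarded-address header that only the trusted proxy can set; and a per-account limit is what lets an attacker who knows a login name lock the real user out, which is why this example caps attempts for a window rather than disabling the account outright, and why the article's suggestion of disabling accounts is best paired with a manual or timed re-enable path. Whatever the limiter rejects should get the same generic error message as a wrong password, so callers cannot tell which check failed.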

©Copyright 1998-2024 ASPAlliance.com