11.07.2015 Views

Improving Web Application Security: Threats and - CGISecurity


Checklist: Securing Remoting

How to Use This Checklist

This checklist is a companion to Chapter 13, “Building Secure Remoted Components.” Use it to help you build secure components that use the Microsoft® .NET remoting technology and as a snapshot of the corresponding chapter.

Design Considerations

Check  Description
[ ]    Remote components are not exposed to the Internet.
[ ]    The ASP.NET host and HttpChannel are used to take advantage of Internet Information Services (IIS) and ASP.NET security features.
[ ]    TcpChannel (if used) is only used in trusted server scenarios.
[ ]    TcpChannel (if used) is used in conjunction with custom authentication and authorization solutions.

Input Validation

Check  Description
[ ]    MarshalByRefObject objects from clients are not accepted without validating the source of the object.
[ ]    The risk of serialization attacks is mitigated by setting the typeFilterLevel attribute programmatically or in the application’s Web.config file.
[ ]    All field items that are retrieved from serialized data streams are validated as they are created on the server side.
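
The last two Input Validation items, shown as an added example that is not taken from the checklist or from Chapter 13. The OrderRequest type, its field names and limits, and the port number are hypothetical.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters;

// Hypothetical by-value type accepted by a remoted component.
[Serializable]
public sealed class OrderRequest : ISerializable
{
    private readonly string customerId;
    private readonly int quantity;

    public OrderRequest(string customerId, int quantity)
    {
        Check(customerId, quantity);
        this.customerId = customerId;
        this.quantity = quantity;
    }

    // Deserialization constructor: the runtime calls this on the server while
    // rebuilding the object, so each field is validated as it is created.
    private OrderRequest(SerializationInfo info, StreamingContext context)
        : this(info.GetString("customerId"), info.GetInt32("quantity")) { }

    public void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        info.AddValue("customerId", customerId);
        info.AddValue("quantity", quantity);
    }

    // Assumed rules: an 8-digit customer id and a quantity from 1 to 1000.
    private static void Check(string id, int qty)
    {
        if (id == null || id.Length != 8) throw new SerializationException("customerId");
        foreach (char c in id)
            if (c < '0' || c > '9') throw new SerializationException("customerId");
        if (qty < 1 || qty > 1000) throw new SerializationException("quantity");
    }
}

public static class RemotingHost
{
    // Programmatic counterpart of typeFilterLevel="Low" on a <formatter> element.
    public static HttpChannel CreateChannel()
    {
        BinaryServerFormatterSinkProvider provider = new BinaryServerFormatterSinkProvider();
        provider.TypeFilterLevel = TypeFilterLevel.Low; // restrict deserialized types
        IDictionary props = new Hashtable();
        props["port"] = 8085; // constructed value
        return new HttpChannel(props, null, provider);
    }
}
```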
