Summary


In this chapter, you’ve learned about the many forms of input to your Visual Basic .NET application that you need to be aware of. Input includes direct user input from a text box, data read in from a file, HTTP header information posted by a Web browser, and indirect input to subroutines. Although Visual Basic .NET provides a number of front-line defense tools such as the Validating event and Web Validator controls, it’s the last line of defense that you need to be most concerned about to make your application more secure. You should use Visual Basic .NET language tools such as Regex and Parse to validate that data is of the appropriate length and type and has the expected content before taking critical action based on the data value.

Input validation is as much about writing secure code as it is about writing solid code. If you apply input validation techniques as presented in this chapter consistently throughout your code, you should find that your code not only runs more reliably, but is more secure as well.
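The last-line-of-defense check described above, written as an added example (it is not code from the book): the routine validates length, content with `Regex`, and type with `Parse` before the caller acts on the values. The account format, the limits, and the names `TransferValidation` and `IsValidTransfer` are assumptions made for illustration.

```vbnet
Imports System
Imports System.Globalization
Imports System.Text.RegularExpressions

Module TransferValidation
    ' Hypothetical account format: two uppercase letters, then six digits.
    ' \A and \z anchor the whole string; "$" would also accept a trailing
    ' newline, and [0-9] (unlike \d) matches ASCII digits only.
    Private ReadOnly AccountPattern As New Regex("\A[A-Z]{2}[0-9]{6}\z")
    Private Const MaxAmountLength As Integer = 6   ' assumed limit
    Private Const MaxAmount As Integer = 10000     ' assumed limit

    ' Call this from the routine that performs the critical action,
    ' whether or not the UI has already validated the same fields.
    Public Function IsValidTransfer(ByVal account As String, _
                                    ByVal amountText As String, _
                                    ByRef amount As Integer) As Boolean
        amount = 0
        If account Is Nothing OrElse amountText Is Nothing Then Return False

        ' Length: reject empty or oversized input before any other work.
        If account.Length <> 8 Then Return False
        If amountText.Length = 0 OrElse amountText.Length > MaxAmountLength Then Return False

        ' Content: allow-list pattern, not a list of forbidden characters.
        If Not AccountPattern.IsMatch(account) Then Return False

        ' Type: NumberStyles.None permits digits only (no sign, spaces,
        ' or separators); the invariant culture keeps parsing predictable.
        Dim parsed As Integer
        Try
            parsed = Integer.Parse(amountText, NumberStyles.None, CultureInfo.InvariantCulture)
        Catch ex As FormatException
            Return False
        Catch ex As OverflowException
            Return False
        End Try

        ' Range: a well-formed number can still be an unacceptable value.
        If parsed < 1 OrElse parsed > MaxAmount Then Return False
        amount = parsed
        Return True
    End Function

    Sub Main()
        ' Constructed sample inputs: one acceptable, two that must fail.
        Dim amount As Integer
        Console.WriteLine(IsValidTransfer("AB123456", "250", amount))
        Console.WriteLine(IsValidTransfer("AB123456", "-250", amount))
        Console.WriteLine(IsValidTransfer("ab12345x", "250", amount))
    End Sub
End Module
```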

Going hand in hand with validating input is the need to handle errors. You might do a wonderful job of adding input validation to your code only to find that you have introduced other security risks in the way that you have implemented your error handling. Chapter 8 offers recommendations on how you should implement error handling in your code to best complement other techniques, such as input validation, for ensuring hack-resistant code.




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
