ASP.NET webservice API security.

Posted by Tejaswi Yerukalapudi on Stack Overflow See other posts from Stack Overflow or by Tejaswi Yerukalapudi
Published on 2010-05-17T01:59:31Z Indexed on 2010/05/17 3:30 UTC
Read the original article Hit count: 354

Filed under:
|
|
|

Hi,

I have an iPhone app accessing an ASP.NET Webservice for data. Since I'm building both the ASP.NET end and the iPhone part of the app, and we'll shortly be publishing it in the Appstore, I'd like to know what security checks I need to make.

The basic flow of the program (without divulging too much info about it) is as follows -

. Login (Enter Username, pass on the app)
. Primary screen where the data is loaded from a webservice and presented
. And post data back after a few updates by the user

I'm using POST to send the data to the Webservice via HTTPS. I'm sanitizing the inputs, checking for length of the inputs, but that's the limit of my knowledge as far as security goes. Any other tips are greatly appreciated!

Edit: I should probably add that our service needs to be subscribed to separately and the iPhone component of it cannot be used alone. So the average user will not have login credentials. And the app itself has healthcare data in it, so I'd rather not have anyone trying attacks from my login page.

Thanks,
Teja.

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about webservice