If you're looking for some interesting reading, try this article by Paulo Gomes on hacking ASP.NET (actually, try googling “Hacking ASP.NET” for a bunch of interesting articles). Paulo's article specifically discusses how an innocent Web application can be used to turn your organization's server into some hacker's puppet/zombie.
One part of the article talks about how creating a zombie requires that a malicious payload be uploaded to the ASP.NET site. As Paulo points out, there is a way to avoid this: “General advice is to reject any malformed input” ... which is where the ApiController attribute comes in.
When you create a Web service in ASP.NET Core, you have the option of applying the ApiController attribute to your service controllers. With that attribute in place, when model binding finds mismatches between the data sent to your service and the parameters passed to your service methods, ASP.NET automatically returns a 400 (Bad Request) status code and doesn't invoke your method. Therefore, there's no point in checking the ModelState.IsValid property inside a Web service method: if the code inside your method is executing, then IsValid will be true.
You can turn that feature off by omitting the ApiController attribute. But, as Paulo points out, you don't want to: the ApiController attribute is doing exactly what you want by ensuring that you only accept data that is, at least, well-formed. This won't protect you against every hack, of course, but it's a very good start.
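The behavior described above, as an added example that is not code from the original post or from Paulo's article: the same action written with and without the attribute. It assumes an ASP.NET Core web project on .NET 6 or later; `UploadRequest`, both controllers and the routes are hypothetical names, and the validation attributes on the model feed the same ModelState that binding errors do.

```csharp
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
var app = builder.Build();
app.MapControllers();
app.Run();

// Hypothetical request model: constraints declared once, enforced during model binding.
public class UploadRequest
{
    [Required, StringLength(64)] public string FileName { get; set; } = "";
    [Range(1, 1_048_576)] public int SizeBytes { get; set; }
}

[ApiController]
[Route("api/checked")]
public class CheckedController : ControllerBase
{
    [HttpPost]
    public IActionResult Post(UploadRequest request)
    {
        // A body that fails to bind (malformed JSON, a string where SizeBytes expects an int)
        // or breaks a constraint is answered with 400 by the framework; this line never runs for it.
        return Ok(new { request.FileName, request.SizeBytes });
    }
}

[Route("api/unchecked")]
public class UncheckedController : ControllerBase
{
    [HttpPost]
    public IActionResult Post([FromBody] UploadRequest request)
    {
        // Without [ApiController] the action is invoked even when binding failed:
        // request can be null and ModelState can hold errors, so the check is manual.
        // Forgetting these two lines is what lets malformed input reach the logic below.
        if (request is null || !ModelState.IsValid)
            return BadRequest(ModelState);
        return Ok(new { request.FileName, request.SizeBytes });
    }
}
```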
Posted by Peter Vogel on 10/22/2019 at 11:03 AM