What are security issues in asp.net mvc?

What are security issues in asp.net mvc?! and does MVC solve开发者_StackOverflowd XSS and the others?!

As jfar says: watch out for SQL injection. :-)

It helps by allowing you to use some specific pieces, but you still have to use them in appropriate places.

• Use the new default <%: that Html Encodes the output
• Use the anti forgery request token
• Use Any of the provided data access solutions. At the lowest possible level, use .Parameters to pass parameters
• Pay attention to every bit of guidance
• don't dismiss security advisory published, as the recent one affecting asp.net in general: is-asp-net-mvc-vulnerable-to-the-oracle-padding-attack

You still have to understand & question the security aspects.

The same as any other website. Just like any other language or framework Sql Injection and Request Forgery are only solved if you implement measures to prevent it. XSS is solved only if you don't need to accept HTML input and disable XSS validation.

Don't get soft thinking MS provided all the answers. It still takes a keen eye for flaws and a rigid application of counter measures to keep things secure.