这是国内首本在网站系统安全开发规范方面的应用手册，由动易软件安全工程师们耗时近6个月精心编制而成。手册基于.NET 2.0 的网站系统开发环境进行编写，共分为十三大项，30个小项，介绍了输入验证、输出编码、SQL注入、跨站脚本攻击、跨站请求伪造、越权操作、IO操作安全、缓存泄漏、系统加密、信息批漏、日志和监测、Web.config安全配置等方面的内容，并列明具体的防御手段和方法，从而为网站开发人员提供了一本深具实操性的工具书。

-This is the first site of the system security aspects of the development of standardized manuals and by PowerEasy time-consuming software security engineers are nearly 6 months meticulously prepared. Manual-based. NET 2.0 web site development environment for the preparation of the system is divided into 13 major and 30 small items, introduced input validation, output encoding, SQL injection, cross-site scr ipting attacks, cross-site request forgery, unauthorized operations, IO safe operation, cache leakage, the system encryption, information leakage approved, log and monitoring, Web.config security configuration and so the content and set out the specific means and methods of defense, so as to Web site developers is a great parade of the tool.