OWASP Top 10 Web Application Security Risks for ASP.NET

English | Size: 2.08 GB
Category: CBTs


Introduction


Who's getting hacked?

Who's doing the hacking?

OWASP and the Top 10

Applying security in depth


Injection


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: LulzSec and Sony

Understanding SQL injection

Defining untrusted data

Demo: The principle of least privilege

Demo: Inline SQL parameterisation

Demo: Stored procedure parameterisation

Demo: Whitelisting untrusted data

Demo: Entity Framework's SQL parameterisation

Demo: Injection through stored procedure

Demo: Injection automation with Havij

Summary


Cross Site Scripting (XSS)


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: MySpace and Samy

Understanding XSS

Output encoding concepts

Demo: Implementing output encoding

Demo: Output encoding in web forms

Demo: Output encoding in MVC

Demo: Whitelisting allowable values

Demo: ASP.NET request validation

Demo: Reflective versus persistent XSS

Demo: Native browser defences

Demo: Payload obfuscation

Summary


Broken Authentication and Session Management


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: Apple's session fixation

Persisting state in a stateless protocol

The risk of session persistence in the URL versus cookies

Demo: Securely configuring session persistence

Demo: Leveraging ASP.NET membership provider for authentication

Customising session and forms timeouts to minimise risk

Sliding versus fixed forms timeout

Other broken authentication patterns

Summary


Insecure Direct Object References


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: Citibank

Understanding direct object references

Demo: Implementing access controls

Understanding indirect reference maps

Demo: Building an indirect reference map

Obfuscation via random surrogate keys

Summary


Cross Site Request Forgery (CSRF)


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: Compromised Brazilian modems

What makes a CSRF attack possible

Understanding anti-forgery tokens

Demo: Implementing an anti-forgery token in MVC

Demo: Web forms approach to anti-forgery tokens

CSRF fallacies and browser defences

Summary


Security Misconfiguration


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: ELMAH

Demo: Correctly configuring custom errors

Demo: Securing web forms tracing

Demo: Keeping frameworks current with NuGet

Demo: Encrypting sensitive parts of the web.config

Demo: Using config transforms to apply secure configurations

Demo: Enabling retail mode on the server

Summary


Insecure Cryptographic Storage


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: ABC passwords

Understanding password storage and hashing

Understanding salt and brute force attacks

Slowing down hashes with the new Membership Provider

Other stronger hashing implementations

Things to consider when choosing a hashing implementation

Understanding symmetric and asymmetric encryption

Demo: Symmetric encryption using DPAPI

What's not cryptographic

Summary


Failure to Restrict URL Access


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: Apple AT&T leak

Demo: Access controls in ASP.NET part 1: web.config locations

Demo: Access controls in ASP.NET part 2: The authorize attribute

Demo: Role based authorisation with the ASP.NET Role Provider

Other access controls risk and misconceptions

Summary


Insufficient Transport Layer Protection


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: Tunisian ISPs

Demo: Understanding secure cookies and forms authentication

Demo: Securing other cookies in ASP.NET

Demo: Forcing web forms to use HTTPS

Demo: Requiring HTTPS on MVC controllers

Demo: Mixed mode HTTPS

HTTP strict transport security

Other insufficient HTTPS patterns

Other HTTPS considerations

Summary


Unvalidated Redirects and Forwards


Introduction

OWASP overview and risk rating

Demo: Anatomy of an attack

Risk in practice: US government websites

Understanding the value of unvalidated redirects to attackers

Demo: Implementing a whitelist

Demo: Implementing referrer checking

Other issues with the unvalidated redirect risk

Summary
