Research Library

The top resource for free research, white papers, reports, case studies, magazines, and eBooks.

OWASP Top 10 for .NET Developers

Look at each security risk in detail and learn how it might be exploited in a .NET web application.

OWASP has produced some excellent material over the years, not least of which is The Ten Most Critical Web Application Security Risks – or “Top 10” for short – whose users and adopters include a who’s who of big business.

The Top 10 is a fantastic resource for identifying and raising awareness of common security risks. However, it’s abstracted slightly from the technology stack in that it doesn’t contain a lot of detail about the execution and required countermeasures at an implementation level. Of course, this approach is entirely necessary when you consider the extensive range of programming languages potentially covered by the Top 10.

When directing .NET developers to the Top 10, author Troy Hunt found some confusion about how to comply at the coalface of development, so he wanted to approach the Top 10 from the angle these developers are coming from.

Hunt looks at each security risk in detail, demonstrates – where possible – how it might be exploited in a .NET web application, and then details the countermeasures at a code level.

Contents Include:

1. Injection

2. Cross-Site Scripting (XSS)

3. Broken Authentication and Session Management

4. Insecure Direct Object References

5. Cross-Site Request Forgery (CSRF)

6. Security Misconfiguration

7. Insecure Cryptographic Storage

8. Failure to Restrict URL Access

9. Insufficient Transport Layer Protection

10. Unvalidated Redirects and Forwards

Offered Free by: Troy Hunt