OWASP Top 10 Web Application Security Risks for ASP.NET

Course Summary

Web applications today are being hacked with alarming regularity by hacktivists, online criminals and nation states. Very frequently it is the same prevalent security risks being exploited, which is why the Open Web Application Security Project (OWASP) de
Course Syllabus

    ● Introduction
        ◦ Introduction
        ◦ Who's getting hacked?
        ◦ Who's doing the hacking?
        ◦ OWASP and the Top 10
        ◦ Applying security in depth
    ● Injection
        ◦ Introduction
        ◦ OWASP overview and risk rating
        ◦ Demo: Anatomy of an attack
        ◦ Risk in practice: LulzSec and Sony
        ◦ Understanding SQL injection
        ◦ Defining untrusted data
        ◦ Demo: The principle of least privilege
        ◦ Demo: Inline SQL parameterisation
        ◦ Demo: Stored procedure parameterisation
        ◦ Demo: Whitelisting untrusted data
        ◦ Demo: Entity Framework’s SQL parameterisation
        ◦ Demo: Injection through stored procedures
        ◦ Demo: Injection automation with Havij
        ◦ Summary
    ● Cross Site Scripting (XSS)
        ◦ Introduction
        ◦ OWASP overview and risk rating
        ◦ Demo: Anatomy of an attack
        ◦ Risk in practice: MySpace and Samy
        ◦ Understanding XSS
        ◦ Output encoding concepts
        ◦ Demo: Implementing output encoding
        ◦ Demo: Output encoding in web forms
        ◦ Demo: Output encoding in MVC
        ◦ Demo: Whitelisting allowable values
        ◦ Demo: ASP.NET request validation
        ◦ Demo: Reflective versus persistent XSS
        ◦ Demo: Native browser defences
        ◦ Demo: Payload obfuscation
        ◦ Summary
    ● Broken Authentication and Session Management
        ◦ Introduction
        ◦ OWASP overview and risk rating
        ◦ Demo: Anatomy of an attack
        ◦ Risk in practice: Apple's session fixation
        ◦ Persisting state in a stateless protocol
        ◦ The risk of session persistence in the URL versus cookies
        ◦ Demo: Securely configuring session persistence
        ◦ Demo: Leveraging ASP.NET membership provider for authentication
        ◦ Customising session and forms timeouts to minimise risk windows
        ◦ Sliding versus fixed forms timeout
        ◦ Other broken authentication patterns
        ◦ Summary
    ● Insecure Direct Object References
        ◦ Introduction
        ◦ OWASP overview and risk rating
        ◦ Demo: Anatomy of an attack
        ◦ Risk in practice: Citibank
        ◦ Understanding direct object references
        ◦ Demo: Implementing access controls
        ◦ Understanding indirect reference maps
        ◦ Demo: Building an indirect reference map
        ◦ Obfuscation via random surrogate keys
        ◦ Summary
    ● Cross Site Request Forgery (CSRF)
        ◦ Introduction
        ◦ OWASP overview and risk rating
        ◦ Demo: Anatomy of an attack
        ◦ Risk in practice: Compromised Brazilian modems
        ◦ What makes a CSRF attack possible
        ◦ Understanding anti-forgery tokens
        ◦ Demo: Implementing an anti-forgery token in MVC
        ◦ Demo: Web forms approach to anti-forgery tokens
        ◦ CSRF fallacies and browser defences
        ◦ Summary
    ● Security Misconfiguration
        ◦ Introduction
        ◦ OWASP overview and risk rating
        ◦ Demo: Anatomy of an attack
        ◦ Risk in practice: ELMAH
        ◦ Demo: Correctly configuring custom errors
        ◦ Demo: Securing web forms tracing
        ◦ Demo: Keeping frameworks current with NuGet
        ◦ Demo: Encrypting sensitive parts of the web.config
        ◦ Demo: Using config transforms to apply secure configurations
        ◦ Demo: Enabling retail mode on the server
        ◦ Summary

Course Fee: USD 29
Course Type: Self-Study
Course Status: Active
Workload: 1 - 4 hours / week