
Hack-proofing Your ASP.NET Web Applications

Course Summary

Developers are notoriously lax in security. Part of the problem is not understanding how our applications are attacked. To protect your applications you need to BE a hacker. You need to understand how your applications are hacked, and therefore, how to pr



    Course Syllabus

    ● SQL Injection
        ◦ Introduction
        ◦ What is SQL Injection?
        ◦ Demo - Form based SQL Injection 1
        ◦ Demo - Form based SQL Injection 2
        ◦ How do you prevent SQL Injection?
        ◦ Demo - SQL Permissions Auditor Tool
        ◦ Additional Protections
        ◦ Problematic Fixes - Blacklisting Routines
        ◦ Problematic Fixes - SQL Routines and SQL Truncation
        ◦ Basic Dynamic Query Ideas
        ◦ Using an ORM
        ◦ Additional Information / References
    ● Information Leakage
        ◦ Introduction
        ◦ What is information leakage?
        ◦ How is information gathered?
        ◦ Demo - Web App Basic Information Leakage
        ◦ Demo - Information Leakage from error page
        ◦ Demo - Information Leakage by Ajax
        ◦ How do you prevent Information Leakage?
        ◦ Additional Reading
    ● Cross-Site Scripting (XSS)
        ◦ Introduction
        ◦ What is XSS?
        ◦ How is XSS exploited?
        ◦ Demo - Reflected XSS Attack
        ◦ Demo - Persistent XSS Attack
        ◦ Demo - Older Style IE6 Content Type Sniffing Attack
        ◦ Demo - DOM Based XSS
        ◦ Demo - Data URI - Link Hijack
        ◦ Demo - Dangling Markup/Scriptless Attacks
        ◦ How do you prevent XSS?
        ◦ How do you prevent XSS (page 2)
        ◦ Demo (Prevention) - AntiXss GetSafeHtmlFragment()
        ◦ Demo (Prevention) - Specifying UTF-8 Encoding
        ◦ Demo (Prevention) - Content Security Policy
        ◦ Problems with blacklists / character filtering
        ◦ How do you prevent XSS (last but not least)
        ◦ Don't turn off Request Validation
        ◦ Know your encoding options
        ◦ Demo (Fix) - Fixing Web Forms Repeater
        ◦ Demo (Fix) - Fixing Scriptless / Dangling HTML
        ◦ Demo (Fix) - Fixing DOM based attacks
        ◦ Tools
        ◦ Summary
        ◦ Additional Information / References
    ● Parameter Tampering
        ◦ Introduction
        ◦ What is parameter tampering?
        ◦ How is it exploited?
        ◦ MVC Parameter Tampering
        ◦ Web Forms Parameter Tampering
        ◦ EventValidation issues with client side script
        ◦ Preventing tampering in MVC
        ◦ Preventions - Regular Expressions
        ◦ Preventions - Data Annotations
        ◦ Validate your data!
        ◦ A few minor words of caution
        ◦ Summary
        ◦ Additional Information / References
    ● Encryption and Hashing
        ◦ Introduction
        ◦ Why should I encrypt?
        ◦ How to encrypt - database side
        ◦ SQL - Encrypt by passphrase
        ◦ SQL - Encrypt by certificate
        ◦ How to encrypt - application code
        ◦ How to encrypt - configuration settings
        ◦ Forcing SSL - MVC
        ◦ Forcing SSL - Web Forms
        ◦ Forcing SSL - Additional Information
        ◦ Installing SSL on your development box
        ◦ About Hashing
        ◦ How are hashes attacked?
        ◦ What's a salt?
        ◦ Demo - Basic hash with salt
        ◦ Demo - Hash brute force attack (even with a salt!)
        ◦ Tool Demo - Hashcat
        ◦ Choosing the right approaches
        ◦ Membership provider support
        ◦ But I need my lost password functionality!
        ◦ Additional Information
    ● Cross-Site Request Forgery (CSRF)
        ◦ Introduction
        ◦ What is CSRF?
        ◦ How is CSRF exploited?


Course Fee:
USD 29

Course Type:

Self-Study

Course Status:

Active

Workload:

1 - 4 hours / week
