OWASP Top 10 Web Application Security Risks for ASP.NET
This course introduces the OWASP Top 10 Most Critical Web Application Security Risks including how to demonstrate and mitigate them in ASP.NET.
What you'll learn
Web applications today are being hacked with alarming regularity by hacktivists, online criminals and nation states. Very frequently, it is the same prevalent security risks that are being exploited, which is why the Open Web Application Security Project (OWASP) developed their list of Top 10 Most Critical Web Application Security Risks to help developers build more secure software. This course helps developers apply the Top 10 in ASP.NET using both Web Forms and MVC by walking through an overview of each risk, demonstrating how it can be exploited in .NET and then delving into the various approaches available to mitigate it by applying security in depth.
Table of contents
- Introduction | 1m 20s
- OWASP overview and risk rating | 2m 23s
- Demo: Anatomy of an attack | 7m 43s
- Risk in practice: LulzSec and Sony | 59s
- Understanding SQL injection | 1m 18s
- Defining untrusted data | 3m 7s
- Demo: The principle of least privilege | 4m 28s
- Demo: Inline SQL parameterisation | 3m 4s
- Demo: Stored procedure parameterisation | 2m 3s
- Demo: Whitelisting untrusted data | 7m 17s
- Demo: Entity Framework’s SQL parameterisation | 3m 28s
- Demo: Injection through stored procedures | 5m 57s
- Demo: Injection automation with Havij | 4m 5s
- Summary | 2m 17s
About the author
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.