McCullough & Associates | Training | Consulting

(972) 712-7103

Securing ASP.Net Applications - OWASP Top 10

This course is designed to introduce your developers to common vulnerabilities, specifically those identified in the OWASP Top 10 project. Now updated for 2013! There are many ways in which attackers can obtain data, and exploiting vulnerabilities in custom application code is common.

This course guides the participant through the security vulnerabilities on the OWASP Top Ten list. For each vulnerability, the course explains it, provides samples of the flaw, provides solutions to protect the application, and provides tests to check site security.

This course involves hands-on demonstrations and labs.

Audience

Students should have experience with ASP.Net using C# or VB.Net.

Length: 2 Days

Outline

  • PCI Data Security Standard (DSS)
  • Overview of the OWASP Project
  • Secure Coding Principles
  • Top Ten
    • Injection Flaws
    • Broken Authentication and Session Management
    • Cross Site Scripting
    • Insecure Direct Object Reference
    • Security Misconfiguration
    • Sensitive Data Exposure
    • Missing Function Level Access Controls
    • Cross Site Request Forgery
    • Using Components with Known Vulnerabilities
    • Unvalidated Redirects & Forwards
  • Best Practices
  • Whitelist vs Blacklist
  • Regular Expressions
  • Validation points & Frameworks
  • Threat Risk Modeling
  • Summary of E-Commerce Requirements
  • Phishing Attacks
  • Managing Access – Authentication & Authorization
  • DREAD
  • Conclusion