Securing .NET Web Apps
11/28/2011 6:21 AM
From time to time I run across some great development resources on the web that are worth sharing. The list of blog posts below, by Troy Hunt, is a great starting point if you want to find out about the biggest threats to the security of your websites and the techniques you can use in your development and site administration efforts to prevent such exploits. While we make every effort to ensure that the core framework remains secure, there is still a lot of control that is left in the hands of module developers and site administrators.
Note: There is still one more blog post coming in this series.
OWASP Top 10 for .NET developers series
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection