Understanding Web Application Security
The Open Web Application Security Project (OWASP) has several short videos that explain web application security and the most common vulnerabilities (injection attacks and cross-site scripting) in simple, easy-to-understand terms. The videos are listed at https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series and are highly recommended as a web application security primer.
OWASP also maintains a list of useful “cheat sheets” that cover topics such as Input Validation, Query Parameterization, PHP Security, HTML5 Security, Authentication and more at https://www.owasp.org/index.php/Cheat_Sheets
Since we host many ASP.NET web sites, we have compiled some useful ASP.NET-specific resources below:
Resources for securing ASP.NET Applications
OWASP Top 10 for .NET Developers, by Troy Hunt, Microsoft MVP
http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html
Exploring ASP.NET Validation Controls
http://www.codeproject.com/Articles/426761/Exploring-ASP-NET-Validation-Controls
Design Guidelines for Secure Web Applications
http://msdn.microsoft.com/library/aa302420.aspx
How To Protect From Injection Attacks in ASP.NET
http://msdn.microsoft.com/library/bb355989.aspx
How To Prevent Cross-Site Scripting in ASP.NET
http://msdn.microsoft.com/library/ms998274.aspx
How To Use Regular Expressions to Constrain Input in ASP.NET
http://msdn.microsoft.com/library/ms998267.aspx
Anti-Cross Site Scripting Library
http://msdn.microsoft.com/en-us/security/aa973814
Information Disclosure / Information Leakage
A good description of this vulnerability and a list of resources are available on the Web Application Security Consortium web site at:
http://projects.webappsec.org/w/page/13246936/Information%20Leakage
Content retrieved from: https://support.appliedi.net/kb/a745/securing-web-applications.aspx.