The OWASP project (Open Web Application Security Project) has several short videos that explain web application security and the most common vulnerabilities (Injection Attacks & Cross-Site Scripting) in simple, easy-to-understand terms. The videos are listed at https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series and are highly recommended as a web application security primer.
OWASP also maintains a list of useful "cheat sheets" which cover topics such as Input Validation, Query Parameterization, PHP security, HTML5 Security, Authentication and more at https://www.owasp.org/index.php/Cheat_Sheets
Since we host many ASP.NET web sites, we have compiled some useful ASP.NET-specific resources below:
OWASP Top 10 for .NET Developers, by Troy Hunt, Microsoft MVP: http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html
Exploring ASP.NET Validation Controls: http://www.codeproject.com/Articles/426761/Exploring-ASP-NET-Validation-Controls
Design Guidelines for Secure Web Applications: http://msdn.microsoft.com/library/aa302420.aspx
How To Protect From Injection Attacks in ASP.NET: http://msdn.microsoft.com/library/bb355989.aspx
How To Prevent Cross-Site Scripting in ASP.NET: http://msdn.microsoft.com/library/ms998274.aspx
How To Use Regular Expressions to Constrain Input in ASP.NET: http://msdn.microsoft.com/library/ms998267.aspx
Anti-Cross Site Scripting Library: http://msdn.microsoft.com/en-us/security/aa973814
Information Disclosure / Information Leakage: A good description of this vulnerability and a list of resources are available on the Web Application Security Consortium web site at: http://projects.webappsec.org/w/page/13246936/Information%20Leakage