Securing Web Applications

Understanding Web Application Security

 

The Open Web Application Security Project (OWASP) has several short videos that explain web application security and the most common vulnerabilities (injection attacks and cross-site scripting) in simple, easy-to-understand terms. The videos are listed at https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series and are highly recommended as a web application security primer.

OWASP also maintains a list of useful "cheat sheets" at https://www.owasp.org/index.php/Cheat_Sheets covering topics such as Input Validation, Query Parameterization, PHP Security, HTML5 Security, Authentication and more.

 

Since we host many ASP.NET web sites, we have compiled some useful ASP.NET-specific resources below:

 

Resources for securing ASP.NET Applications

 

OWASP Top 10 for .NET Developers, by Troy Hunt, Microsoft MVP
http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html

 

Exploring ASP.NET Validation Controls
http://www.codeproject.com/Articles/426761/Exploring-ASP-NET-Validation-Controls

 

Design Guidelines for Secure Web Applications
http://msdn.microsoft.com/library/aa302420.aspx

 

How To Protect From Injection Attacks in ASP.NET
http://msdn.microsoft.com/library/bb355989.aspx

 

How To Prevent Cross-Site Scripting in ASP.NET
http://msdn.microsoft.com/library/ms998274.aspx

 

How To Use Regular Expressions to Constrain Input in ASP.NET
http://msdn.microsoft.com/library/ms998267.aspx

 

Anti-Cross Site Scripting Library
http://msdn.microsoft.com/en-us/security/aa973814

 

Information Disclosure / Information Leakage
A good description of this vulnerability and a list of resources are available on the Web Application Security Consortium web site at:
http://projects.webappsec.org/w/page/13246936/Information%20Leakage

 
