Understanding Web Application Security
The OWASP project (Open Web Application Security Project) has several short videos that explain web application security and the most common vulnerabilities (Injection Attacks & Cross Site Scripting) in simple, easy-to-understand terms. The videos are listed at https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series and are highly recommended as a web application security primer.
OWASP also maintains a list of useful “cheat sheets” covering topics such as Input Validation, Query Parameterization, PHP security, HTML5 Security, Authentication and more, available at https://www.owasp.org/index.php/Cheat_Sheets
Since we host many ASP.NET web sites, we have compiled some useful ASP.NET-specific resources below:
Resources for securing ASP.NET Applications
OWASP Top 10 for .NET Developers, by Troy Hunt, Microsoft MVP
Exploring ASP.NET Validation Controls
Design Guidelines for Secure Web Applications
How To Protect From Injection Attacks in ASP.NET
How To Prevent Cross-Site Scripting in ASP.NET
How To Use Regular Expressions to Constrain Input in ASP.NET
Anti-Cross Site Scripting Library
Information Disclosure / Information Leakage
A good description of this vulnerability and a list of resources are available on the Web Application Security Consortium web site at:
Content retrieved from: https://support.appliedi.net/kb/a745/securing-web-applications.aspx.