OWASP Mitigations for .NET


Overview/Description
The Open Web Application Security Project (OWASP) is an initiative to track and report on the most prevalent and most dangerous web application exploits. This course follows a 'Defense-In-Depth' strategy of assessing each layer of your .NET web application and applying the OWASP Top 10 principles to mitigate these threats. This course is one of a series in the SkillSoft learning path that covers the OWASP Top 10.

Target Audience
Developers wanting to learn about the OWASP Top 10 and how to mitigate against them in .NET.

Prerequisites
None

Expected Duration (hours)
3.4

Lesson Objectives

OWASP Mitigations for .NET

  • start the course
  • recognize how error message handling can be exploited and how to deal with this
  • recognize how to encrypt relevant sections of the .NET configuration files
  • recognize how to handle security when using NuGet packages
  • describe when and how to use encryption in .NET
  • recognize how asymmetric encryption works in .NET
  • describe how to mitigate against command injection at the base .NET Framework level
  • describe SQL Injection and how to mitigate against it
  • identify the SQL Server authentication models
  • identify mitigations to Insecure Direct Object Reference at the database level
  • describe password hashing and its application
  • describe how failing to properly release types can lead to Denial of Service
  • describe CORS Preflight requests and how to secure them in ASP.NET Web API
  • recognize where and how to implement authorization in ASP.NET Web API
  • recognize where and how to implement authorization in WCF
  • identify the authentication types in web-hosted .NET projects and configure them in IIS and in configuration files
  • recognize the impacts of various web.config file settings
  • describe SSL/HTTPS security
  • describe how to mitigate web parameter tampering in ASP.NET MVC and JavaScript
  • describe JavaScript behaviors that can lead to security breaches and how to mitigate against them
  • describe how to appropriately encode output into a page to avoid script injection, XSS, and other exploits
  • recognize how the built-in validation capabilities in ASP.NET and ASP.NET MVC protect against attacks
  • describe how session state works in ASP.NET and ASP.NET MVC
  • implement password policies in ASP.NET and ASP.NET MVC
  • describe multi-factor authentication and how it can be implemented in ASP.NET MVC
  • list appropriate approaches to capturing, storing, validating, and resetting user passwords
  • describe the HttpOnly Cookie Flag and how to apply it in ASP.NET and ASP.NET MVC
  • use the Microsoft Anti-cross Site Scripting Library
  • implement authorization in ASP.NET MVC
  • allow your users to authenticate against external login providers like Microsoft, Twitter, Facebook and Google
  • identify mitigations for OWASP Top 10 violations in a given scenario

Course Number
sp_owsp_a02_it_enus

Expertise Level
Intermediate