OWASP Mitigations for .NET
Overview/Description
The Open Web Application Security Project (OWASP) is an initiative to track and report on the most prevalent and most dangerous web application exploits. This course follows a 'Defense-In-Depth' strategy of assessing each layer of your .NET web application and applying the OWASP Top 10 principles to mitigate these threats. This course is one of a series in the SkillSoft learning path that covers the OWASP Top 10.
Target Audience
Developers wanting to learn about the OWASP Top 10 and how to mitigate against them in .NET.
Prerequisites
None
Expected Duration (hours)
3.4
Lesson Objectives
recognize how error message handling can be exploited and how to deal with this
recognize how to encrypt relevant sections of the .NET configuration files
recognize how to handle security when using NuGet packages
describe when and how to use encryption in .NET
recognize how asymmetric encryption works in .NET
describe how to mitigate against command injection at the base .NET Framework level
describe SQL Injection and how to mitigate against it
identify the SQL Server authentication models
identify mitigations to Insecure Direct Object Reference at the database level
describe password hashing and its application
describe how failing to release types properly can lead to Denial of Service
describe CORS Preflight requests and how to secure them in ASP.NET Web API
recognize where and how to implement authorization in ASP.NET Web API
recognize where and how to implement authorization in WCF
identify the authentication types in web-hosted .NET projects and configure them in IIS and in configuration files
recognize the impacts of various web.config file settings
describe SSL/HTTPS security
describe how to mitigate web parameter tampering in ASP.NET MVC and JavaScript
describe JavaScript behaviors that can lead to security breaches and how to mitigate against them
describe how to appropriately encode output into a page to avoid script injection, XSS, and other exploits
recognize how the built-in validation capabilities in ASP.NET and ASP.NET MVC protect against attacks
describe how session state works in ASP.NET and ASP.NET MVC
implement password policies in ASP.NET and ASP.NET MVC
describe multi-factor authentication and how it can be implemented in ASP.NET MVC
list appropriate approaches to capturing, storing, validating, and resetting user passwords
describe the HttpOnly Cookie Flag and how to apply it in ASP.NET and ASP.NET MVC
use the Microsoft Anti-cross Site Scripting Library
implement authorization in ASP.NET MVC
allow your users to authenticate against external login providers such as Microsoft, Twitter, Facebook, and Google
identify mitigations for OWASP Top 10 violations in a given scenario
Course Number
sp_owsp_a02_it_enus
Expertise Level
Intermediate