OWASP Top 10 Web Application Security Risks for ASP NET

/Module 08 Insecure Cryptographic Storage/

03_Demo Anatomy of an attack.flv

06_Understanding salt and brute force attacks.flv

05_Understanding password storage and hashing.flv

11_Demo Symmetric encryption using DPAPI.flv

07_Slowing down hashes with the new Membership Provider.flv

04_Risk in practice ABC passwords.flv

08_Other stronger hashing implementations.flv

12_What's not cryptographic.flv

09_Things to consider when choosing a hashing implementation.flv

10_Understanding symmetric and asymmetric encryption.flv

13_Summary.flv

02_OWASP overview and risk rating.flv

01_Introduction.flv

/Module 03 Cross Site Scripting (XSS)/

11_Demo ASP.NET request validation.flv

07_Demo Implementing output encoding.flv

04_Risk in practice My Space and Samy.flv

03_Demo Anatomy of an attack.flv

08_Demo Output encoding in web forms.flv

12_Demo Reflective versus persistent XSS.flv

13_Demo Native browser defences.flv

06_Output encoding concepts.flv

10_Demo Whitelisting allowable values.flv

09_Demo Output encoding in MVC.flv

15_Summary.flv

14_Demo Payload obfuscation.flv

05_Understanding XSS.flv

02_OWASP overview and risk rating.flv

01_Introduction.flv

/Module 05 Insecure Direct Object References/

08_Demo Building an indirect reference map.flv

06_Demo Implementing access controls.flv

03_Demo Anatomy of an attack.flv

05_Understanding direct object references.flv

07_Understanding indirect reference maps.flv

04_Risk in practice Citibank.flv

10_Summary.flv

09_Obfuscation via random surrogate keys.flv

02_OWASP overview and risk rating.flv

01_Introduction.flv

/Module 10 Insufficient Transport Layer Protection/

03_Demo Anatomy of an attack.flv

05_Demo Understanding secure cookies and forms authentication.flv

06_Demo Securing other cookies in ASP.NET.flv

07_Demo Forcing web forms to use HTTPS.flv

09_Demo Mixed mode HTTPS.flv

04_Risk in practice Tunisian ISPs.flv

12_Other HTTPS considerations.flv

10_HTTP strict transport security.flv

11_Other insufficient HTTPS patterns.flv

13_Summary.flv

08_Demo Requiring HTTPS on MVC controllers.flv

02_OWASP overview and risk rating.flv

01_Introduction.flv

/Module 07 Security Misconfiguration/

05_Demo Correctly configuring custom errors.flv

09_Demo Using config transforms to apply secure configurations.flv

03_Demo Anatomy of an attack.flv

06_Demo Securing web forms tracing.flv

10_Demo Enabling retail mode on the server.flv

08_Demo Encrypting sensitive parts of the web.config.flv

07_Demo Keeping frameworks current with NuGet.flv

04_Risk in practice ELMAH.flv

11_Summary.flv

02_OWASP overview and risk rating.flv

01_Introduction.flv

/Module 06 Cross Site Request Forgery (CSRF)/

05_What makes a CSRF attack possible.flv

07_Demo Implementing an anti-forgery token in MVC.flv

03_Demo Anatomy of an attack.flv

04_Risk in practice Compromised Brazilian modems.flv

08_Demo Web forms approach to anti-forgery tokens.flv

09_CSRF fallacies and browser defences.flv

06_Understanding anti-forgery tokens.flv

10_Summary.flv

02_OWASP overview and risk rating.flv

01_Introduction.flv

/Module 02 Injection/

03_Demo Anatomy of an attack.flv

13_Demo Injection automation with Havij.flv

10_Demo Whitelisting untrusted data.flv

12_Demo Injection through stored procedures.flv

07_Demo The principle of least privilege.flv

11_Demo Entity Framework’s SQL parameterisation.flv

08_Demo Inline SQL parameterisation.flv

06_Defining untrusted data.flv

09_Demo Stored procedure parameterisation.flv

02_QWASP overwiew and risk rating.flv

14_Summary.flv

04_Risk in practice LulzSec and Sony.flv

01_Introduction.flv

05_Understanding SQL injection.flv

/Module 09 Failure to Restrict URL Access/

07_Demo Role based authorisation with the ASP.NET Role Provider.flv

06_Demo Access controls in ASP.NET part 2 The authorize attribute.flv

08_Other access controls risk and misconceptions.flv

05_Demo Access controls in ASP.NET part 1 web.config locations.flv

04_Risk in practice Apple AT&T leak.flv

09_Summary.flv

03_Demo Anatomy of an attack.flv

02_OWASP overview and risk rating.flv

01_Introduction.flv

/Module 01 Introdution/

03_Who's doing the hacking.flv

04_OWASP and the Top 10.flv

05_Applying security in depth.flv

02_Who's getting hacked.flv

01_Introduction.flv

/Module 11 Unvalidated Redirects and Forwards/

07_Demo implementing referrer checking.flv

06_Demo implementing a whitelist.flv

03_Demo Anatomy of an attack.flv

05_Understanding the value of unvalidated redirects to attackers.flv

02_OWASP overview and risk rating.flv

08_Other issues with the unvalidated redirect risk.flv

04_Risk in practice US government websites.flv

09_Summary.flv

01_Introduction.flv

/Module 04 Broken Authentication and Session Management/

08_Demo Leveraging ASP.NET membership provider for authentication.flv

07_Demo Securely configuring session persistence.flv

10_Siding versus fixed forms timeout.flv

09_Customising session and forms timeouts to minimise risk windows.flv

06_The risk of session persistence in the URL versus cookies.flv

03_Demo Anatomy of an attack.flv

11_Other broken authentication patterns.flv

12_Summary.flv

04_Risk in practice Apple's session fixation.flv

02_OWASP overview and risk rating.flv

05_Persisting state in a stateless protocol.flv

01_Introduction.flv

Total files 121