I loved reading this series by Troy Hunt. In the meanwhile I learned a lot about application security and risks involved.
If you have never heard of OWASP before a short introduction:
OWASP, the Open Web Application Security Project, is a non-profit charitable organisation established with the express purpose of promoting secure web application design. OWASP has produced some excellent material over the years, not least of which is The Ten Most Critical Web Application Security Risks – or “Top 10” for short.
The Top 10 is a fantastic resource for the purpose of identification and awareness of common security risks.
Oh, by the way, the current the Top 10 Security Risks for 2010 are
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage
- A8: Failure to Restrict URL Access
- A9: Insufficient Transport Layer Protection
- A10: Unvalidated Redirects and Forwards
To make it even better Troy decided to turn this piece of art into an e-book. So just go and download these 255 pages of .NET web development security goodness.
And thank you, Troy Hunt!