Introduction – OWASP Top 10 for EPiServer Developers
Posted on May 6, 2011 by Frederik Vig in ASP.NET, EPiServer
The Open Web Application Security Project (OWASP) is an open community that focuses on improving web application security. The OWASP Top 10 is a list of the most critical web application security risks. Here is the 2010 list:
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
In this series I’m going to explain the 10 security risks and how we as EPiServer (or ASP.NET) developers can avoid exposing them in our web applications. We’ll also look at tools for analyzing web applications to find security flaws, and at how we as developers should think about security when developing.
Hope you’ll enjoy this series. Feedback is as always welcome.