Introduction – OWASP Top 10 for EPiServer Developers
Posted on May 6, 2011 by Frederik Vig in ASP.NET, EPiServer
The Open Web Application Security Project (OWASP) is an open community that focuses on improving web application security. The OWASP Top 10 is a list of the most critical web application security risks. Here is the 2010 list:
- Injection
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
In this series I’m going to explain the 10 security risks and how we as EPiServer (or ASP.NET) developers can protect ourselves against exposing them in our web applications. We’ll also look at tools for analyzing web applications to find security flaws, and at how we as developers should think about security when developing.
Hope you’ll enjoy this series. Feedback is as always welcome.
Paul Kennett says:
Post Author May 16, 2011 at 02:28
Looking forward to this series Frederik. Your posts always carry great info.