Thursday 13 June 2013

Defensive Programming 101 at NDC 2013 Resources

Thanks to all who came to my session at NDC.

The following is the list of resources that I suggested at the end of my talk:

ASP.NET Resources

• OWASP Top 10 by Troy Hunt - http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html

• Basic Security Practices for Web Applications - http://msdn.microsoft.com/en-us/library/zdh19h94(v=vs.100).aspx

• ASP.NET MVC Security - http://www.asp.net/mvc/overview/security

• Combating ClickJacking With X-Frame-Options - http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx

• AntiXSS Toolkit - http://wpl.codeplex.com/

• ASafaWeb - https://asafaweb.com/

• ASP.NET Security Wiki - http://wiki.asp.net/page.aspx/27/security/

IIS Resources

• Security Guidance for IIS - http://technet.microsoft.com/en-us/library/dd450371.aspx

• IIS Lockdown tool - http://technet.microsoft.com/en-us/library/dd450372(v=ws.10).aspx

• URLScan - http://www.iis.net/learn/extensions/working-with-urlscan

• IIS Configuring security - http://learn.iis.net/page.aspx/88/configuring-security/

• IIS Security Tools - http://www.iis.net/community/Security

• Penetration Testing Tools list - http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List

Project Swiss Cheese will be on GitHub within the week.