Thanks to all that came to my session at Defensive Programming. It was great to have such an interactive audience.
Code download: Here
The excellent haveibeenpwned.com by Troy Hunt
ASP.NET Resources
• OWASP Top 10 by Troy Hunt - http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html
• Basic Security Practices for Web Applications - http://msdn.microsoft.com/en-us/library/zdh19h94(v=vs.100).aspx
• ASP.NET MVC Security - http://www.asp.net/mvc/overview/security
• Combating ClickJacking With X-Frame-Options - http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
• AntiXSS Toolkit - http://wpl.codeplex.com/
• ASafaWeb - https://asafaweb.com/
• ASP.NET Security Wiki - http://wiki.asp.net/page.aspx/27/security/
IIS Resources
• Security Guidance for IIS - http://technet.microsoft.com/en-us/library/dd450371.aspx
• IIS Lockdown tool - http://technet.microsoft.com/en-us/library/dd450372(v=ws.10).aspx
• URLScan - http://www.iis.net/learn/extensions/working-with-urlscan
• IIS Configuring security - http://learn.iis.net/page.aspx/88/configuring-security/
• IIS Security Tools - http://www.iis.net/community/Security
• Penetration Testing Tools list - http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List