At the end of my talk at DDD North 2 there was a massive number of URLs for people to reference later. Here is a copy of all of those links.
ASP.NET Resources
• Web session management security - http://www.isecpartners.com/files/web-session-management.pdf
• OWASP Top 10 by Troy Hunt - http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html
• ASP.NET Security Guidance - http://wiki.asp.net/page.aspx/48/security-guidelines-and-recommendations/
• MSCASI tool - http://support.microsoft.com/kb/954476
• AntiXSS Toolkit - http://wpl.codeplex.com/
• ASP.NET Security Guidance - http://blogs.msdn.com/b/nunoc/archive/2006/03/04/543631.aspx
• Advice from SDL - http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx
• ASafaWeb - http://www.asafeweb.com
IIS Resources
• Security Guidance for IIS - http://technet.microsoft.com/en-us/library/dd450371.aspx
• IIS Lockdown tool - http://technet.microsoft.com/en-us/library/dd450372(v=ws.10).aspx
• URLScan - http://www.iis.net/learn/extensions/working-with-urlscan
• IIS Configuring security - http://learn.iis.net/page.aspx/88/configuring-security/
• IIS Security Tools - http://www.iis.net/community/Security
Additional Resources
- Computer Security Vulnerabilities - http://www.security.nnov.ru/
- Top 10 Security Vulnerabilities in .NET Config Files - http://www.devx.com/dotnet/Article/32493/1763/page/1
- 2011 CWE/SANS Top 25 Software Errors - http://cwe.mitre.org/top25/#Brief
- OWASP Top 10 - https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
I will upload a copy of the source files later, in a separate post, as worked-through examples.