Tonight I'll be speaking at the LA .NET Users Group on Practical Web Application Security - A Primer with OWASP Top 10 and ASP.NET/MVC.
This session is a developer's introduction to web application security threats using the OWASP Top 10 list of potential security flaws. With examples in ASP.NET and ASP.NET MVC, we will go over some of the common exploits and techniques for writing secure code in light of the OWASP Top 10.
The OWASP Top Ten provides a powerful awareness list for web application security and represents a broad consensus about what the most critical web application security flaws are. In this code-centric talk, we will discuss built-in security features of ASP.NET and MVC, such as cross-site request forgery tokens and secure cookies, and how to leverage them to write secure code. The OWASP Top 10 Web Application Security Risks for 2010, which will be covered in this presentation, include Injection flaws, Cross-Site Scripting (XSS), Broken Authentication and Session Management, Insecure Direct Object References, Cross-Site Request Forgery (CSRF), Security Misconfiguration, Insecure Cryptographic Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection and Unvalidated Redirects and Forwards.
For details and directions to the meeting, please visit http://ladotnet.org/default.asp
The talk is based on my OWASP Top 10 project on CodePlex.
When: Monday, November 01, 2010, 6:30 PM to 9:30 PM
Where: UCLA campus, Center for Health Sciences Room 53-105. * Print our directions page and bring it with you.