Web/Services Security Talk @ San Diego.NET User Group

Andrew Karcher, SQL Server MVP, invited me to speak to the San Diego .NET user group this Tuesday. The topic of my talk was Secure Code Top 10 (OWASP) for Service Oriented Architectures, and the presentation slides can be downloaded from here. Links from the talk follow.

Web Service Security Cheat Sheet
https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet

OWASP WebGoat.NET
https://www.owasp.org/index.php/Category:OWASP_WebGoat.NET

WCF Security Fundamentals
http://msdn.microsoft.com/en-us/library/ff650862.aspx

WebGoat.NET Github (Web Forms)
https://github.com/jerryhoff/WebGoat.NET

WebGoat.NET Github (MVC)
https://github.com/kahanu/webgoat.mvc

Nonce
http://en.wikipedia.org/wiki/Cryptographic_nonce

OWASP
https://www.owasp.org/index.php/Main_Page

C is for cookie, H is for hacker – understanding HTTP only and Secure cookies
http://www.troyhunt.com/2013/03/c-is-for-cookie-h-is-for-hacker.html

Advanced SQL Injection - Havij
http://www.itsecteam.com/products/havij-v116-advanced-sql-injection/

OWASP Top 10 for .NET
http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html

Samy Worm
http://en.wikipedia.org/wiki/Samy_(computer_worm)

HTML encoding in ASP.NET / MVC
http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx

HTML encoding in Razor
http://stackoverflow.com/questions/4973504/turn-off-html-encoding-in-razor

How Hackers Stole 200,000+ Citi Accounts Just By Changing Numbers In The URL

6.5 Million Encrypted LinkedIn Passwords Leaked Online
http://www.tomsguide.com/us/LinkedIN-Calendar-iOS-Hack-passwords,news-15464.html

StuxNet
http://en.wikipedia.org/wiki/Stuxnet

Flame
http://en.wikipedia.org/wiki/Flame_(malware)

Rainbow Tables
http://en.wikipedia.org/wiki/Rainbow_table

Preventing Cross-Site Request Forgery (CSRF) Attacks
http://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-(csrf)-attacks

Happy Coding!
