Web Application Security Bootcamp

Speaker: Christian Wenz

 

Abstract:

According to a study, 9 out of 10 web applications have security vulnerabilities. However, in this day and age, there is no real excuse for sites that can be easily attacked. .NET provides countermeasures against most common attacks, and modern web browsers include additional safeguards in the form of HTTP headers and other security features.
This tutorial provides you with best practices for writing code that is as secure as possible. You will see various attacks and, of course, countermeasures from a .NET perspective. We will also try to find vulnerabilities in an existing application and draw some conclusions from that. At the end of the day, you will be aware of both the common (and uncommon) security risks for web applications and how to mitigate them.

 

Objectives:

– Understand common security risks for web applications
– Learn about countermeasures specific to ASP.NET Core
– Understand browser security features, and how to use them

 

Topics covered:

Attacks: Cross-Site Scripting, Cross-Site Request Forgery, mass assignment, session management attacks, SQL injection, and a few more uncommon ones.

Countermeasures: Content Security Policy, security-related cookie flags, various other HTTP headers, APIs and features from ASP.NET Core

 

Intended audience:

Developers with basic knowledge of ASP.NET Core.

 

Required equipment:

Windows laptop.

 

Required software:

Web browser (preferably not Internet Explorer)

 

Workshop type:

Lecture + hands-on.