Tuesday, December 27, 2011

OWASP Top 10 for .NET Developers

http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html

This article links to a free eBook that collects the content from all the related blog posts.

Excerpts from the author:
I knew – and many of us know – that unsalted hashes are vulnerable to a rainbow attack but I’d never actually executed one of these attacks myself. So I did. Same again on sniffing packets; knowing that lack of transport protection leaves network traffic vulnerable is one thing, sitting in the car outside McDonald’s and actually capturing wifi traffic and hijacking the session (my own, that is!) is another thing altogether.

My analysis:
Completed just the first topic so far. It's nice to see a step-by-step approach that shows the vulnerabilities being exploited, and ways to reduce those risks.
