
Securing ASP.NET Applications - OWASP Top 10 Security Vulnerabilities for PCI Compliance

Price:

Call for availability 855-211-9361

This instructor-led OWASP training course guides you through the OWASP Top Ten security vulnerabilities as they apply to ASP.NET Web sites. The Payment Card Industry (PCI) requires compliance with its Data Security Standard (PCI DSS), which means that all developers of custom software need to be aware of the Open Web Application Security Project (OWASP) Top Ten vulnerabilities. Working through the OWASP Top Ten list, the course explains each vulnerability, shows samples of the flaw, and through hands-on exercises provides solutions that protect the application and tests that check site security. This course satisfies the PCI Data Security Standard requirement for secure-coding training of custom software developers.

Course Overview

By the end of the class students will be able to:

  • Describe the OWASP Project
  • Understand Secure Coding Principles
  • Take action to secure their code against the top ten vulnerabilities
  • Use Best Practices for Input Validation
  • Perform Threat Risk Modeling
  • Manage Access using Authentication & Authorization

Prerequisites

Participants should be experienced ASP.NET developers. The course is taught using C#, but students can work with VB.NET if they prefer.

Course Outline

  • Overview of the OWASP Project

  • Secure Coding Principles

  • Top Ten (the course follows the 2007 edition of the OWASP Top Ten list)

    • Cross Site Scripting
    • Injection Flaws
    • Malicious File Execution
    • Insecure Direct Object Reference
    • Cross Site Request Forgery
    • Information Leakage and Improper Error Handling
    • Broken Authentication and Session Management
    • Insecure Cryptographic Storage
    • Insecure Communications
    • Failure to Restrict URL Access

  • Input Validation Best Practices

    • Whitelist vs Blacklist
    • Regular Expressions
    • Validation Points & Frameworks

  • Threat Risk Modeling

  • Summary of E-Commerce Requirements

  • Phishing Attacks

  • Managing Access Authentication & Authorization

  • Conclusion