This session is a hands-on introduction to web application security threats using the OWASP (Open Web Application Security Project) Top 10 list of potential security flaws. The OWASP Top Ten provides a powerful awareness list for web application security and represents a broad consensus about what the most critical web application security flaws are.
Focusing on the Microsoft platform with examples in ASP.NET and ASP.NET MVC, we will go over some of the common exploits and techniques for writing secure code in the light of the OWASP Top 10. In this code-centric talk, we will discuss built-in security features of ASP.NET and MVC, such as the cross-site request forgery token and secure cookies, and how to leverage them to write secure code. The OWASP Top 10 Web Application Security Risks for 2010 that will be covered in this presentation include Injection flaws, Cross-Site Scripting (XSS), Broken Authentication and Session Management, Insecure Direct Object References, Cross-Site Request Forgery (CSRF), Security Misconfiguration, Insecure Cryptographic Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection, and Unvalidated Redirects and Forwards.
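As an added illustration (not material from the talk itself) of the two built-in features named above, the following ASP.NET MVC controller shows the anti-forgery token check together with a cookie issued with the HttpOnly and Secure flags; the controller and action names are assumed for the example.

```csharp
// Added example, not from the talk: CSRF token validation and secure cookie
// flags using the built-in ASP.NET / ASP.NET MVC APIs.
using System;
using System.Web;
using System.Web.Mvc;

public class AccountController : Controller   // hypothetical controller
{
    // The matching Razor view renders the hidden token inside the <form>:
    //   @using (Html.BeginForm()) { @Html.AntiForgeryToken() ... }
    // [ValidateAntiForgeryToken] rejects any POST whose hidden form field
    // does not match the __RequestVerificationToken cookie, so a request
    // forged from another origin (which cannot read the page) fails.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult ChangeEmail(string newEmail)
    {
        if (string.IsNullOrWhiteSpace(newEmail))
            return View("Error");

        // ... persist the new address for the authenticated user ...
        return RedirectToAction("Index");
    }

    // Issuing a cookie: HttpOnly keeps script (and therefore an XSS payload)
    // from reading it; Secure keeps the browser from sending it over plain
    // HTTP (OWASP 2010 A9, Insufficient Transport Layer Protection).
    public ActionResult RememberPreference(string theme)
    {
        var cookie = new HttpCookie("theme", theme)
        {
            HttpOnly = true,
            Secure = true,
            Expires = DateTime.UtcNow.AddDays(30)
        };
        Response.Cookies.Add(cookie);
        return RedirectToAction("Index");
    }
}

// Equivalent site-wide defaults can be set in web.config under <system.web>:
//   <httpCookies httpOnlyCookies="true" requireSSL="true" />
//   <authentication mode="Forms">
//     <forms requireSSL="true" ... />
//   </authentication>
```

Setting the flags in web.config covers cookies created by the framework (forms authentication, session state) rather than only those created explicitly in code.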
Adnan Masood is a Software Engineer and Architect with zeal for solving interesting business and technology problems. With special interest in scalable architectures, application security, algorithm design and development, Adnan has over a decade of hands-on experience in financial services and application service providers. He currently works as a system architect for a financial institution where he develops robust, scalable and secure SOA-based middle-tier architectures, distributed systems, and web applications. He is a Microsoft Certified Trainer holding several technical certifications, including MCPD (Enterprise Developer), MCSD .NET, and SCJP-II. Adnan is attributed and published in print media and on the Web; he is technical editor for the upcoming "Microsoft Windows Server AppFabric Cookbook" and has also taught Windows Communication Foundation (WCF) courses at the University of California at San Diego. Adnan regularly presents at local code camps and user groups. He is actively involved in the .NET community as co-founder and president of the San Gabriel Valley .NET Developers group and recipient of the INETA Community Champion Award for contributions to the developer community in Southern California.
Adnan holds a Master's degree in Computer Science and is currently pursuing a doctorate in Machine Learning, specifically interestingness measures in outliers using belief networks. He also holds a systems architecture certification from MIT and the SOA Migration, Adoption, and Reuse Technique certificate from SEI, Carnegie Mellon University. Adnan can be reached at email@example.com.