OWASP (Part 4 of 4): Misconfiguration and Data Encryption
Interactive


Biz Library
Updated Feb 04, 2020

In this course we'll be digging more deeply into the OWASP Threat list. How vulnerable are you if your frameworks, servers and applications are not configured correctly, are left in out-of-the-box configurations, or are not kept up to date? Then we'll move into Sensitive Data Exposure and techniques to store data. Finally, we'll cover insecure versus secure cryptography, what data needs to be protected, and why you should protect it.


Lesson 1:

  • A5 - Security Misconfiguration
  • Demo: Security Misconfig Wiki
  • Demo: Am I Vulnerable?
  • Demo: Security Misconfig (Cont.)

Lesson 2:

  • Security Recommendations
  • Demo: Exception Handling
  • Demo: Custom Errors
  • Demo: Error Settings
  • Demo: NuGet.

Lesson 3:

  • A6 - Sensitive Data Exposure
  • 2013 Top 10 List - This Course
  • Sensitive Data Exposure
  • Demo: Data Exposure Wiki
  • Demo: Am I Vulnerable?
  • Demo: References.

Lesson 4:

  • What Data Should You Protect?
  • Encryption and Hashing
  • Demo: Hashing and Salting
  • Demo: Secure Salt
  • Demo: Salted Passwords
  • Demo: AspNetUser Table
  • Keeping Secrets - Encryption.

Lesson 5:

  • A7 - Missing Access Control
  • 2013 Top 10 List - This Course
  • Function Level Access Control
  • Demo: Access Control Wiki
  • Demo: Am I Vulnerable?
  • Demo: ASVS.