Troy Hunt, a Microsoft MVP, has published a free security eBook for .NET developers. He spent over a year researching the security vulnerabilities it covers and ended up with a 250+ page eBook. He describes the following topics in detail:
- Injection
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
If you are building websites on Microsoft’s .NET platform, do yourself a favor and check out Troy’s excellent OWASP Top 10 for .NET developers eBook here.