OWASP Mitigations for .NET

Developers wanting to learn about the OWASP Top 10 and how to mitigate against them in .NET.


Expected Duration
206 minutes

The Open Web Application Security Project (OWASP) is an initiative to track and report on the most prevalent and most dangerous web application exploits. This course follows a ‘Defense-In-Depth’ strategy of assessing each layer of your .NET web application and applying the OWASP Top 10 principles to mitigate against these threats. This course is one of a series in the SkillSoft learning path that covers the OWASP Top 10.


General .NET Application Mitigations

  • start the course
  • recognize how error message handling can be exploited and how to deal with this
  • recognize how to encrypt relevant sections of the .NET configuration files
  • recognize how to handle security when using NuGet packages
  • describe when and how to use encryption in .NET
  • recognize how asymmetric encryption works in .NET
  • describe how to mitigate against command injection at the base .NET Framework level

Data Layer Mitigations

  • describe SQL Injection and how to mitigate against it
  • identify the SQL Server authentication models
  • identify mitigations to Insecure Direct Object Reference at the database level
  • describe password hashing and its application
  • describe how inadequately releasing types can lead to Denial of Service

API/Service Layer Mitigations

  • describe CORS Preflight requests and how to secure them in ASP.NET Web API
  • recognize where and how to implement authorization in ASP.NET Web API
  • recognize where and how to implement authorization in WCF
  • identify the authentication types in web-hosted .NET projects and configure them in IIS and in configuration files
  • recognize the impacts of various web.config file settings
  • describe SSL/HTTPS security

Web Layer Mitigations

  • describe how to mitigate web parameter tampering in ASP.NET MVC and JavaScript
  • describe JavaScript behaviors that can lead to security breaches and how to mitigate against them
  • describe how to appropriately encode output into a page to avoid script injection, XSS, and other exploits
  • recognize how the built-in validation capabilities in ASP.NET and ASP.NET MVC protect against attacks
  • describe how session state works in ASP.NET and ASP.NET MVC
  • implement password policies in ASP.NET and ASP.NET MVC
  • describe multi-factor authentication and how it can be implemented in ASP.NET MVC
  • list appropriate approaches to capturing, storing, validating, and resetting user passwords
  • describe the HttpOnly Cookie Flag and how to apply it in ASP.NET and ASP.NET MVC
  • use the Microsoft Anti-cross Site Scripting Library
  • implement authorization in ASP.NET MVC
  • allow your users to authenticate against external login providers like Microsoft, Twitter, Facebook and Google

Practice: Security Mitigation

  • identify mitigations for OWASP Top 10 violations in a given scenario
