Monday, 19 December 2011

Free eBook: OWASP Top 10 for .NET developers

Writing this series was an epic adventure in all senses of the word:

Duration – 19 months to complete a blog series, for crying out loud!

Content – approaching 50,000 words, not including all the discussion in comments.

Effort – some of the posts, such as transport layer security, probably approached 100 hours of reading, trialling, experimenting and finally, writing and proofing. This is why there was a four month “hiatus” before that post!

But most of all, it was an epic learning adventure for me. Writing the series forced me to know this content in depth, not just the depth that facilitates casual conversation and allows me to send people off to figure out how to fix their flaws, but the depth to really get to grips with these risks, ensure I could exploit them and then make sure I could fix them again.

For example, I knew – and many of us know – that unsalted hashes are vulnerable to a rainbow attack but I’d never actually executed one of these attacks myself. So I did. Same again on sniffing packets; knowing that lack of transport protection leaves network traffic vulnerable is one thing, sitting in the car outside McDonald’s and actually capturing wifi traffic and hijacking the session (my own, that is!) is another thing altogether.

Looking back on it, I’m really happy with what I’ve produced. It’s been a great experience for me and by all accounts, it’s been very well received by the .NET and OWASP communities as well. It turns out I might have actually produced something pretty useful!

So I decided to turn it into an eBook. Oh – and give it away for free. No strings attached. So here it is, 255 pages of .NET web development security goodness. Please share it generously, chuck it on your eBook reader, email it to your mates, quote me, force your developers to print and read every page – whatever – it’s all yours:

OWASP Top 10 for .NET developers eBook

If you find it useful, leave me a comment, flick me an email or fire me through a tweet as the feedback really is appreciated. Happy reading and happy holidays everyone.
