From the course: Security in ASP.NET Core

OWASP Top Ten

- [Instructor] Whenever you think about the topic of web application security, there is one source that comes to mind. It's the OWASP Top 10 List, a list of the top 10 security risks for web applications. OWASP is the Open Web Application Security Project. You see the website here on owasp.org. OWASP is a not-for-profit organization, providing a wealth of information on web application security, including events, both virtually and in person, documentation, checklists, software tools, and their flagship project, well, to be honest, one of their flagship projects, but probably the best known one, which is also top on that Projects list here, and there are many more, you just see a selection, is the OWASP Top 10.

The OWASP Top 10 lists the top web application security risks. So it's not just attacks, it is risks. That list is updated every three to four years. It's using a very data-driven approach, using information from companies and individuals that do security audits, which kind of weakness was found, how often, and then there is some number crunching, and in the end, you will get a list of, well, 10 different web application security risks. Lots of information for each of those risks, and of course, countermeasures.

The OWASP Top 10 is an awareness document, so it doesn't really matter whether a risk is on number, say, five or number six on that list. Everything on that list is paramount to know for everyone working on a web application. We will not use that list as our agenda for this course, but I always like to reference it because of its importance and its status as a de facto standard. We will have a more attack-based view on things, so we will start by looking at attacks that are possible in our H+ board web application, and then we'll see how we can mitigate those attacks with ASP.NET Core.