
Event #25 - Feb 28 2013: OWASP Top 10 No-No's

posted Mar 6, 2013, 12:01 PM by Cyprus .Net User Group   [ updated Mar 6, 2013, 12:08 PM ]
Date: 28/02/2013, Nicosia 
Members Present: 6
Location: Microsoft Cyprus Office 
Presentation: OWASP Top 10 No-No's

Once again, a huge thanks to Microsoft Cyprus for hosting our first offline event for 2013 and especially to our good friend Valentinos Georgiades, Developer and Platform Evangelist (Microsoft Cyprus & Malta) for his outstanding and continuous efforts towards supporting our User Group.

This event was dedicated to security, focusing on how we can secure our ASP.NET applications during their design, development and deployment. The speaker was Ioannis Stavrinides (MCTS, MCPD, MCITP, MCSA and MCSE). Ioannis is an active member of our User Group and an information security enthusiast with an extensive application development background.


The Open Web Application Security Project (OWASP) periodically publishes, among other things, a Top 10 awareness document listing the 10 most commonly found code-related web application vulnerabilities. In this session, Ioannis presented the Top 10 No-No's that need to be taken into serious consideration when designing, developing and deploying ASP.NET web applications.

The top 10 vulnerabilities presented by Ioannis are:
  1. Injection
  2. Cross-Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross-Site Request Forgery (CSRF)
  6. Security Misconfiguration
  7. Insecure Cryptographic Storage
  8. Failure to Restrict URL Access
  9. Insufficient Transport Layer Protection
  10. Unvalidated Redirects and Forwards

Ioannis performed many demos during his session, vividly illustrating the vulnerabilities and explaining how they can be avoided to make a web application more secure. The session was very interesting and some really long discussions followed.


You can view/download the presentation from here:

OWASP Top 10 No-Nos

A huge thanks goes to Ioannis for presenting a great session and, of course, to our sponsor, Microsoft Cyprus, for hosting the event.

See you again at our next offline event soon!