After doing a couple of presentations on the OWASP Top 10 list a couple of years back, I *tried* to put together a series of viable demos that would help to illustrate the list in a more practical fashion. Unfortunately, I got as far as the first two issues and never completed the exercise.

Recently I stumbled upon a really well-written blog by Troy Hunt, a Microsoft MVP, who has a clear passion for security. Troy has created a series of 10 blog posts that illustrate the OWASP Top 10 from the perspective of the .NET stack and ultimately make these topics more accessible to developers like us. If you have a few moments, please check out his posts (and his blog in general):

  1. Injection
  2. Cross-Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross-Site Request Forgery (CSRF)
  6. Security Misconfiguration
  7. Insecure Cryptographic Storage
  8. Failure to Restrict URL Access
  9. Insufficient Transport Layer Protection
  10. Unvalidated Redirects and Forwards