
As part of its online training seminar, Virtual Tech Days, Microsoft has made a large number of training videos available online. One in particular that caught my attention was "Top 5 Web Application Security bugs in custom code". Click the link below to see it.
View or download the video.
As developers, we are normally under immense pressure to deliver web applications in a compressed time frame. That's just the nature of our business. As a result, security is one of the aspects of web development most often overlooked for the sake of time. The five bugs mentioned in the video are listed below.
- Authorization Issues
- Clear Text Secrets
- Cross-Site Scripting
- SQL Injection
- Verbose Error Messages
The ironic part of the five security holes mentioned in the video is that each takes only a small amount of effort to mitigate. Most can be avoided by implementing best practices or incorporating global functionality in your UI layers. Security of a web application should always be part of the up-front design and planning, but all of these items can be addressed in a reusable library you could plug into every application you write.
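
As an added illustration (not taken from the video or written by its presenters), here is a minimal reusable module in Python with one helper per item in the list above. Every function name, the logger name, the `users` table and the PBKDF2 iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import html
import logging
import os

log = logging.getLogger("app.security")  # hypothetical logger name

class Forbidden(Exception):
    """Raised when the caller lacks the required role."""

def require_role(role):
    """Authorization: enforce the role check server-side on every call."""
    def deco(func):
        def wrapper(user, *args, **kwargs):
            if role not in user.get("roles", ()):
                raise Forbidden(role)
            return func(user, *args, **kwargs)
        return wrapper
    return deco

def hash_password(password, salt=None):
    """Clear text secrets: store a salted PBKDF2 hash, never the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def check_password(password, salt, expected):
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def encode(value):
    """Cross-site scripting: HTML-encode untrusted values at output time."""
    return html.escape(str(value), quote=True)

def find_user(db, name):
    """SQL injection: bind input as a parameter instead of concatenating it."""
    return db.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchone()

def safe_endpoint(func):
    """Verbose error messages: log details server-side, return a generic body."""
    def wrapper(*args, **kwargs):
        try:
            return 200, func(*args, **kwargs)
        except Forbidden:
            return 403, "Forbidden"
        except Exception:
            ref = os.urandom(4).hex()  # correlation id shown to the user
            log.exception("unhandled error ref=%s", ref)
            return 500, f"An error occurred (ref {ref})"
    return wrapper
```

Stacking `@safe_endpoint` over `@require_role(...)` on a handler gives every endpoint the same authorization check and the same generic error body, which is the "global functionality" approach described above.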