Thursday, 4 October 2018

OWASP Top 10 Project: Security Vulnerabilities for ASP.NET

What Is OWASP?

  • The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.

What Are The Latest OWASP Top 10 Vulnerabilities?

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfiguration
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging & Monitoring

What Are the Default Access Modifiers in C#?

                     | Default   | Permitted declared accessibilities
------------------------------------------------------------------
namespace            | public    | none (always implicitly public)
enum                 | public    | none (always implicitly public)
interface            | internal  | public, internal
class                | internal  | public, internal
struct               | internal  | public, internal
delegate             | internal  | public, internal

Nested type and member accessibilities

                     | Default   | Permitted declared accessibilities
------------------------------------------------------------------
namespace            | public    | none (always implicitly public)
enum                 | public    | none (always implicitly public)
interface            | public    | none
class                | private   | All¹
struct               | private   | public, internal, private²
delegate             | private   | All¹
constructor          | private   | All¹
interface member     | public    | none (always implicitly public)
method               | private   | All¹
field                | private   | All¹
user-defined operator| none      | public (must be declared public)

¹ All = public, protected, internal, private, protected internal
² Structs cannot inherit from structs or classes (although they can implement interfaces), hence protected is not a valid modifier.
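
The class, interface, field, method, constructor and nested-type defaults from the tables above can be confirmed with reflection; this is an added example, not code from the original post. The names Account, ILedger and AccessReport are hypothetical, and the same loop can be used to review which members of a type are reachable from outside it.

```csharp
using System;
using System.Reflection;

// Top-level class with no modifier: the table's default is internal.
class Account
{
    string owner = "constructed";      // field, no modifier
    decimal Balance() { return 0m; }   // method, no modifier
    Account() { }                      // constructor, no modifier
    class AuditEntry { }               // nested class, no modifier
    delegate void Changed();           // nested delegate, no modifier
}

// Top-level interface with no modifier; its member is implicitly public.
interface ILedger
{
    void Post();
}

static class AccessReport
{
    const BindingFlags Everything = BindingFlags.Instance | BindingFlags.Static |
        BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.DeclaredOnly;

    static string Of(Type t) =>
        t.IsNested ? (t.IsNestedPublic ? "public" : t.IsNestedPrivate ? "private" : "other")
                   : (t.IsPublic ? "public" : "internal");
    static string Of(MethodBase m) => m.IsPublic ? "public" : m.IsPrivate ? "private" : "other";
    static string Of(FieldInfo f) => f.IsPublic ? "public" : f.IsPrivate ? "private" : "other";

    static void Main()
    {
        foreach (Type t in new[] { typeof(Account), typeof(ILedger) })
        {
            Console.WriteLine($"{t.Name} (type): {Of(t)}");
            foreach (MemberInfo m in t.GetMembers(Everything))
            {
                // Nested types, methods/constructors and fields each carry their own flags.
                string access = m switch
                {
                    Type nested => Of(nested),
                    MethodBase mb => Of(mb),
                    FieldInfo f => Of(f),
                    _ => "n/a"
                };
                Console.WriteLine($"  {m.MemberType} {m.Name}: {access}");
            }
        }
    }
}
```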