OWASP Security Controls for Microsoft Web 


Category: Web Security; Development

Max Number of users:

Number of Hours: 12 hours (2 days, 6 hours a day)


Trainer: Fadi Abdulwahab, Cloud and Web Security Certified

Experience: 11 years

About Me:

Author for SharePoint 2013 book, focus on building Secure applications. Specialties in: SharePoint Server, ASP.NET/C#, Azure and AWS, Web Security, SQL Server and High Availability/Disaster Recovery Solutions.

Recognized as

  • Microsoft Community Contributor in July 2013
  • (ISC) 2 – CSSLP® Certified Secure Software Lifecycle Professional in July 2015
  • AWS Solutions Architect – Associate certification in Feb 2017

About the workshop:

Security is becoming an increasingly important concern during the lifecycle of developing application especially for applications accessible over the internet.

In this workshop, you will learn a lot of concepts and terms that will help you to enter the world of web security depending on the best standards and methods of OWASP organization and other projects provided by this organization.

You will learn how to develop a secure Web application that prevents the most recent vulnerabilities that may affect your application by identifying the security controls available in Microsoft technologies like in ASP.NET and SQL Server to protect your application against the common risks in OWASP TOP 10 including exercises to understand the risks and steps to prevent or mitigate them.

Workshop Index:

  • Introduction to Web Security
  • OWASP Top 10 Most Critical Web Application Security Risks
  • Security Controls against Injection risk
  • Security Controls against Broken Authentication and Session Management risk
  • Security Controls against Cross-Site Scripting
  • Security Controls against Insecure Direct Object References
  • Security Controls against Security Misconfiguration
  • Security Controls against Sensitive Data Exposure
  • Security Controls against Missing Function Level Access Control
  • Security Controls against Cross-Site Request Forgery
  • Security Controls against Using Known Vulnerable Components
  • Security Controls against Unvalidated Redirects and Forwards
  • What’s new in OWASP Top 10 – 2017
  • OWASP Proactive Controls project
  • OWASP Application Security Verification Standard Project

Get in touch via if you’d like further information.