Learn your way! Get started

OWASP, Part 4: Misconfiguration and Data Encryption

with expert Don Kiely

Watch trailer

OWASP, Part 4: Misconfiguration and Data Encryption Trailer

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack
  • Power Pack Plus

Release date Release date 10/21/2015
Level Level Intermediate
Runtime Runtime 2h 6m
Platform Platform Major browsers on Windows Major browsers on Windows Major browsers on Mac OSX Major browsers on Mac OSX Mobile Devices Mobile Devices
Closed captioning Closed captioning Included
Transcript Transcript Included
eBooks / courseware eBooks / courseware N/A
Hands-on labs Hands-on labs N/A
Sample code Sample code Included
Exams Exams Included

Enterprise Solutions
Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More

Course description

In this course we'll be digging more deeply into the OWASP Threat list. How vulnerable are you if your frameworks, servers and applications are not configured correctly, left in out-of-the-box configurations, or are not kept up-to-date? Then we'll move into Sensitive Data Exposure and techniques to store data. Finally, we'll cover insecure versus secure cryptography, what data needs to be protected, and why you should protect it.


This course is for users with experience with developing web applications using C# or other object oriented programming languages.

Meet the expert

Don Kiely Don Kiely is a featured instructor on many of our SQL Server and Visual Studio courses. He is a nationally recognized author, instructor, and consultant, specializing in Microsoft technologies. Don has many years of teaching experience, is the author or co-author of several programming books, and has spoken at many industry conferences and user groups. In addition, Don is a consultant for a variety of companies that develop distributed applications for public and private organizations.

Course outline

Security Misconfiguration

Security Misconfiguration (20:49)
  • Introduction (00:55)
  • A5 - Security Misconfiguration (03:33)
  • Demo: Securit Misconfig Wiki (04:42)
  • Demo: Am I Vulnerable? (05:35)
  • Demo: Security Misconfig Cont. (05:32)
  • Summary (00:30)
Misconfiguration Examples (29:16)
  • Introduction (00:41)
  • Security Recommendations (03:10)
  • Demo: Exception Handling (05:59)
  • Demo: Custom Errors (05:19)
  • Demo: Error Settings (08:14)
  • Demo: nuGet (05:01)
  • Summary (00:49)

Data Exposure & Cryptography

Sensitive Data Exposure (31:46)
  • Introduction (01:19)
  • A6 - Sensitive Data Exposure (01:19)
  • 2013 Top 10 List - This Course (00:51)
  • Sensitive Data Exposure (09:30)
  • Demo: Data Exposure Wiki (05:47)
  • Demo: Am I Vulnerable? (05:55)
  • Demo: References (06:21)
  • Summary (00:42)
Insecure Cryptographic Storage (27:00)
  • Introduction (00:55)
  • What Data Should You Protect? (01:44)
  • Encryption and Hashing (02:02)
  • Demo: Hasing and Salting (04:58)
  • Demo: Secure Salt (05:41)
  • Demo: Salted Passwords (03:35)
  • Demo: AspNetUser Table (03:09)
  • Keeping Secrets - Encryption (04:07)
  • Summary (00:47)
Function Level Access Control (17:58)
  • Introduction (00:57)
  • A7 - Missing Access Control (01:23)
  • 2013 Top 10 List - This Course (00:25)
  • Function Level Access Control (07:43)
  • Demo: Access Control Wiki (02:53)
  • Demo: Am I Vulnerable? (02:05)
  • Demo: ASVS (02:00)
  • Summary (00:29)