This document contains various resources for ASP.NET and IIS security including links to documents on web session management security, the OWASP Top 10, ASP.NET security guidance, tools for detecting vulnerabilities like MSCASI and AntiXSS, advice from SDL on SQL injection, and the ASafaWeb site. It also includes links to guidance and tools for securing IIS like security guidance documents, the IIS Lockdown tool, and URLScan. The document concludes with a list of image credits and contact details.

37. ASP.NET Resources
• Web session management security -
http://www.isecpartners.com/files/web-session-management.pdf
• OWASP Top 10 by Troy Hunt - http://www.troyhunt.com/2011/12/free-
ebook-owasp-top-10-for-net.html
• ASP.NET Security Guidance - http://wiki.asp.net/page.aspx/48/security-
guidelines-and-recommendations/
• MSCASI tool - http://support.microsoft.com/kb/954476
• AntiXSS Toolkit - http://wpl.codeplex.com/
• ASP.NET Security Guidance -
http://blogs.msdn.com/b/nunoc/archive/2006/03/04/543631.aspx
• Advice from SDL -
http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-
the-respect-it-deserves.aspx
• ASafaWeb - http://www.asafeweb.com

38. IIS Resources
• Security Guidance for IIS -
http://technet.microsoft.com/en-
us/library/dd450371.aspx
• IIS Lockdown tool - http://technet.microsoft.com/en-
us/library/dd450372(v=ws.10).aspx
• URLScan –
http://www.iis.net/learn/extensions/working-with-
urlscan
• IIS Configuring security -
http://learn.iis.net/page.aspx/88/configuring-security/
• IIS Security Tools -
http://www.iis.net/community/Security

39. Image Credits
• highscore -
http://www.flickr.com/photos/83476873@N0
0/4116381
• G is for Goggles -
http://www.flickr.com/photos/60648084@N0
0/2349550374

40. Image credits
• http://www.flickr.com/photos/darwinbell/412631864/sizes/l/in/photostream/
• http://www.flickr.com/photos/splorp/59231687/sizes/l/in/photostream/
• http://www.flickr.com/photos/wecand/5103599890/sizes/l/in/photostream/
• http://www.flickr.com/photos/darwinbell/2382912185/sizes/z/in/photostream/
• http://www.flickr.com/photos/95565118@N00/922632392
• http://www.flickr.com/photos/49968232@N00/4789356849
• http://www.flickr.com/photos/20195637@N00/2322127250
• http://www.flickr.com/photos/lwr/305130907/sizes/z/in/photostream/
• http://www.flickr.com/photos/baboon/4116381/sizes/z/in/photostream/
• http://www.flickr.com/photos/mrlederhosen/4283136097/sizes/l/in/photostream/
• http://www.flickr.com/photos/30799995@N00/4348942883
• http://www.flickr.com/photos/proimos/4199675334/sizes/z/in/photostream/
• http://www.flickr.com/photos/ianvisits/4000931824/sizes/z/in/photostream/
• http://www.flickr.com/photos/21446836@N00/3117966481
• http://www.flickr.com/photos/41754875@N00/1996389857
• http://www.flickr.com/photos/baboon/2057927/sizes/z/in/photostream/
• http://www.flickr.com/photos/baboon/2057927/sizes/z/in/photostream/
• http://www.flickr.com/photos/limowreck666/223731385/sizes/z/in/photostream/
• http://www.flickr.com/photos/72429059@N00/2982093881
• http://www.flickr.com/photos/qusic/3370510628/sizes/z/in/photostream/
• http://www.flickr.com/photos/ubookworm/71288675/sizes/z/in/photostream/
• http://www.flickr.com/photos/8395041@N02/2505803867

41. Contact
• Twitter: @nmerrigan
• Blog: http://www.certsandprogs.com
• Email – via blog
ResourcesContact Details Twitter