Resources
Learn by doing
Certification syllabus. The exam will cover the following topics:
Input Validation Mechanisms
----------------------------------------------------------------
Cross-Site Scripting / XSS
----------------------------------------------------------------
SQL Injection / SQLi
----------------------------------------------------------------
XML External Entity attack / XXE
----------------------------------------------------------------
Cross-Site Request Forgery / CSRF / XSRF
https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-7.0
----------------------------------------------------------------
Encoding, Encryption and Hashing
----------------------------------------------------------------
Authentication related Vulnerabilities
Password Storage and Password Policy
----------------------------------------------------------------
Understanding of OWASP Top 10 Vulnerabilities
----------------------------------------------------------------
Security Best Practices and Hardening Mechanisms
Check out the hacksplaining.com prevention pages for the other topics, as well as the OWASP prevention pages.
----------------------------------------------------------------
TLS security
TLS Certificate Misconfiguration
Symmetric and Asymmetric Ciphers
----------------------------------------------------------------
Server-Side Request Forgery
https://hideandsec.sh/books/web-03c/page/ssrf-series
----------------------------------------------------------------
Authorization and Session Management related flaws
Insecure Direct Object Reference (IDOR) / BOLA
Parameter Manipulation attacks
----------------------------------------------------------------
Insecure File Uploads
https://www.hacksplaining.com/prevention/file-upload
https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
----------------------------------------------------------------
Code Injection Vulnerabilities
https://portswigger.net/research/server-side-template-injection
Not code injection, but a closely related topic: https://www.hacksplaining.com/prevention/command-execution
----------------------------------------------------------------
Business Logic Flaws
----------------------------------------------------------------
Directory Traversal Vulnerabilities
----------------------------------------------------------------
Security Misconfigurations
----------------------------------------------------------------
Information Disclosure
----------------------------------------------------------------
Vulnerable and Outdated Components
----------------------------------------------------------------
Common Supply Chain Attacks and Prevention Methods