ASP.NET: Security

ASP.NET: Security
ASP.NET: Security
English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 2h 26m | 2.26 GB

As many as nine out of ten web applications have security vulnerabilities. Luckily, ASP.NET developers have a multitude of security tools at their disposal, built right into the framework. Once activated, these features can prevent and mitigate the most common and dangerous types of attacks. Learn how to build on the basic security principles you may already know and incorporate practical solutions for defending your ASP.NET web applications. Instructor Christian Wenz explores the risks ASP.NET apps face, including the OWASP Top Ten vulnerabilities, cross-site scripting, and SQL injection, and countermeasures to combat them. Find out how to authenticate users with IdentityServer, store data securely, and harden your site’s configuration with this practical, hands-on course that will transform your ASP.NET apps into impenetrable architectures.

Topics include:

  • OWASP Top Ten vulnerabilities
  • Cross-site scripting
  • SQL injection
  • Cross-site request forgery
  • Storing secrets
  • Encrypting Web.config settings
  • Password hashing
  • Authenticating in the app
  • Securing cookies and sessions
  • Error handling
Table of Contents

1 Unhackable ASP.NET applications
2 Security is important!
3 What you should know
4 Sample application introduction
5 Sample application tour

Mitigating Common Attacks
6 OWASP Top 10
7 Cross-site scripting (XSS) The attack
8 Cross-site scripting (XSS) The defense
9 Cross-site scripting (XSS) in JavaScript
10 Same-origin policy and CORS
11 Enabling CORS in ASP.NET Web API
12 SQL injection with ADO.NET
13 SQL injection with Entity Framework
14 Fixing SQL injection
15 Cross-Site Request Forgery (CSRF)
16 Defending against CSRF

Storing Data
17 Storing secrets in Web.config
18 Externalizing Web.config settings
19 Encrypting Web.config
20 Azure Key Vault
21 Managing the Key Vault with Azure Shell
22 Password hashing
23 Adding password hashing to the app

Starting with IdentityServer
24 On IdentityServer
25 Configuring IdentityServer
26 Authenticating against IdentityServer
27 Authenticating in the app
28 Authorizing against IdentityServer
29 Authorizing in the app

Secure Configuration
30 Introduction
31 Securing cookies
32 Securing sessions
33 Setting cookie attributes in the app
34 Enforcing HTTPS
35 Error handling
36 Hiding server information
37 Hiding more server information
38 Security HTTP headers

39 Next steps