ASP.NET Core 5 Secure Coding Cookbook
Practical recipes for tackling vulnerabilities in your ASP.NET web applications
1st Edition
Published on 3. June 2024
324 pages
978-1-80107-902-0 (ISBN)
Description
Learn how to secure your ASP.NET Core web app through robust and secure codeKey Features - Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them
- Understand what code makes an ASP.NET Core web app unsafe
- Build your secure coding knowledge by following straightforward recipes
Book DescriptionASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests. In ASP.NET Secure Coding Cookbook, you'll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you'll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You'll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code. By the end of this book, you'll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you'll have gained hands-on experience in removing vulnerabilities and security defects from your code.What you will learn - Understand techniques for squashing an ASP.NET Core web app security bug
- Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited
- Fix security issues in code relating to broken authentication and authorization
- Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques
- Prevent security misconfiguration by enabling ASP.NET Core web application security features
- Explore other ASP.NET web application vulnerabilities and secure coding best practices
Who this book is forThis ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.
- Understand what code makes an ASP.NET Core web app unsafe
- Build your secure coding knowledge by following straightforward recipes
Book DescriptionASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests. In ASP.NET Secure Coding Cookbook, you'll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you'll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You'll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code. By the end of this book, you'll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you'll have gained hands-on experience in removing vulnerabilities and security defects from your code.What you will learn - Understand techniques for squashing an ASP.NET Core web app security bug
- Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited
- Fix security issues in code relating to broken authentication and authorization
- Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques
- Prevent security misconfiguration by enabling ASP.NET Core web application security features
- Explore other ASP.NET web application vulnerabilities and secure coding best practices
Who this book is forThis ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.
All prices
More details
Persons
Canlas Roman :
Roman Canlas is a Senior Application Security Engineer working at a Fortune 500 company where he successfully established its global Application Security program from the ground up. His years of experience as a developer-led him to be an expert in Secure Code reviews and Static Application Security testing, focusing on web technologies. Roman held multiple certifications; the GIAC Web Application Penetration Tester (GWAPT), ISC2's Certified Secure Software Lifecycle Professional (CSSLP), and EC-Council's Certified Application Security Engineer in.NET (CASE.NET). Roman also has a Master's degree in Information Systems and a Bachelors in Computer Science.Price Ed :
Ed Price is a Senior Program Manager in Engineering at Microsoft, with an MBA in technology management. He leads Microsoft's efforts to publish Reference Architectures on the Azure Architecture Center. Previously, he drove datacenter deployment and customer feedback, and he ran Microsoft's customer feedback programs for Azure development, Service Fabric, IoT, Functions, and Visual Studio. He was also a technical writer at Microsoft for 6 years and helped lead TechNet Wiki. He is the co-author of five books, including Learn to Program with Small Basic and ASP.NET Core 5 for Beginners from Packt.
Roman Canlas is a Senior Application Security Engineer working at a Fortune 500 company where he successfully established its global Application Security program from the ground up. His years of experience as a developer-led him to be an expert in Secure Code reviews and Static Application Security testing, focusing on web technologies. Roman held multiple certifications; the GIAC Web Application Penetration Tester (GWAPT), ISC2's Certified Secure Software Lifecycle Professional (CSSLP), and EC-Council's Certified Application Security Engineer in.NET (CASE.NET). Roman also has a Master's degree in Information Systems and a Bachelors in Computer Science.Price Ed :
Ed Price is a Senior Program Manager in Engineering at Microsoft, with an MBA in technology management. He leads Microsoft's efforts to publish Reference Architectures on the Azure Architecture Center. Previously, he drove datacenter deployment and customer feedback, and he ran Microsoft's customer feedback programs for Azure development, Service Fabric, IoT, Functions, and Visual Studio. He was also a technical writer at Microsoft for 6 years and helped lead TechNet Wiki. He is the co-author of five books, including Learn to Program with Small Basic and ASP.NET Core 5 for Beginners from Packt.
Content
Table of Contents - Secure Coding Fundamentals
- Injection Flaws
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting
- Insecure Deserialization
- Using components with known vulnerabilities
- Insufficient Logging and Monitoring
- Miscellaneous Vulnerabilities
- Best Practices
- Injection Flaws
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting
- Insecure Deserialization
- Using components with known vulnerabilities
- Insufficient Logging and Monitoring
- Miscellaneous Vulnerabilities
- Best Practices
