In ASP.NET Core Security, you will learn how to:
Understand and recognize common web app attacks
Implement attack countermeasures
Use testing and scanning tools and libraries
Activate built-in browser security features from ASP.NET
Take advantage of .NET and ASP.NET Core security APIs
Manage passwords to minimize damage from a data leak
Securely store application secrets
ASP.NET Core Security teaches you the skills and countermeasures you need to keep your ASP.NET Core apps secure from the most common web application attacks. With this collection of practical techniques, you will be able to anticipate risks and introduce practices like testing as regular security checkups. You’ll be fascinated as the author explores real-world security breaches, including rogue Firefox extensions and Adobe password thefts. The examples present universal security best practices with a sharp focus on the unique needs of ASP.NET Core applications.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the technology
Your ASP.NET Core applications are under attack now. Are you ready? Th ere are specific countermeasures you can apply to keep your company out of the headlines. This book demonstrates exactly how to secure ASP.NET Core web applications, including safe browser interactions, recognizing common threats, and deploying the framework’s unique security APIs.
About the book
ASP.NET Core Security is a realistic guide to securing your web applications. It starts on the dark side, exploring case studies of cross-site scripting, SQL injection, and other weapons used by hackers. As you go, you’ll learn how to implement countermeasures, activate browser security features, minimize attack damage, and securely store application secrets. Detailed ASP.NET Core code samples in C# show you how each technique looks in practice.
What's inside
Understand and recognize common web app attacks
Testing tools, helper libraries, and scanning tools
Activate built-in browser security features
Take advantage of .NET and ASP.NET Core security APIs
Manage passwords to minimize damage from a data leak
About the reader
For experienced ASP.NET Core web developers.
Table of Contents
PART 1 FIRST STEPS
1 On web application security
PART 2 MITIGATING COMMON ATTACKS
2 Cross-site scripting (XSS)
3 Attacking session management
4 Cross-site request forgery
5 Unvalidated data
6 SQL injection (and other injections)
PART 3 SECURE DATA STORAGE
7 Storing secrets
8 Handling passwords
PART 4 CONFIGURATION
9 HTTP headers
10 Error handling
11 Logging and health checks
PART 5 AUTHENTICATION AND AUTHORIZATION
12 Securing web applications with ASP.NET Core Identity
13 Securing APIs and single page applications
PART 6 SECURITY AS A PROCESS
14 Secure dependencies
15 Audit tools
16 OWASP Top 10
About the author
Christian Wenz is a web pioneer, technology specialist, and entrepreneur. Since 1999, he has written over 100 books on web technologies and related topics, which have been translated into ten languages. In his day job, he consults enterprises on digitization and Industry 4.0. A fixture at international developer conferences, he has presented on three continents. Christian has been an MVP for ASP.NET since 2004, is the lead author of the official PHP certification, and sporadically contributes to OSS projects. He holds university degrees in computer science and business informatics and is a two-time recipient of a Knuth award check.
Ebook License
End-User Warranty And License Agreement
1. Grant Of License
Manning Has Authorized The Download By You Of An Unrestricted Number Of Copies Of The Electronic Book (Ebook) In Any Of The Available Formats. Manning Grants You A Nonexclusive, Nontransferable License To Use The Ebook According To The Terms And Conditions Herein. This License Agreement Permits You To Install The Ebook On Any And All Your Devices For Your Personal Use Only.
2. Restrictions
You Shall Not: (1) Share, Resell, Rent, Assign, Timeshare, Distribute, Or Transfer All Or Part Of The Ebook Or Any Rights Granted Hereunder To Any Other Person; (2) Duplicate The Ebook, Except For A Single Backup Or Archival Copy; (3) Remove Any Proprietary Notices, Labels, Or Marks From The Ebook; (4) Transfer Or Sublicense Title To The Ebook To Any Other Party.
3. Intellectual Property Protection
The Ebook Is Owned By Manning And Is Protected By United States And International Copyright And Other Intellectual Property Laws. Manning Reserves All Rights In The Ebook Not Expressly Granted Herein. This License And Your Right To Use The Ebook Terminate Automatically If You Violate Any Part Of This Agreement. In The Event Of Termination, You Must Remove The Original And Any Copies Of The Ebook From All Your Devices.
4. Source Code Supplementary Material
Any Source Code Files Provided As A Supplement To The Book Are Freely Available To The Public For Download. Reuse Of The Code Is Permitted, In Whole Or In Part, Including The Creation Of Derivative Works, Provided That You Acknowledge That You Are Using It And Identify The Source: Title, Publisher And Year.
5. Limited Warranty
Manning Warrants That The Ebook Files, A Copy Of Which You Are Authorized To Download, Are Free From Defects In The Operational Sense That They Can Be Read By A Pdf Reader Or Epub Reader, Or Other. Except For This Express Limited Warranty, Manning Makes And You Receive No Warranties, Express, Implied, Statutory Or In Any Communication With You, And Manning Specifically Disclaims Any Other Warranty Including The Implied Warranty Of Merchantability Or Fitness Or A Particular Purpose. Manning Does Not Warrant That The Operation Of The Ebook Will Be Uninterrupted Or Error Free. If The Ebook Was Purchased In The United States, The Above Exclusions May Not Apply To You As Some States Do Not Allow The Exclusion Of Implied Warranties. In Addition To The Above Warranty Rights, You May Also Have Other Rights That Vary From State To State.
6. Limitation Of Liability
In No Event Will Manning Be Liable For Any Damages, Whether Arising For Tort Or Contract, Including Loss Of Data, Lost Profits, Or Other Special, Incidental, Consequential, Or Indirect Damages Arising Out Of The Use Or Inability To Use The Ebook.
7. General
This Agreement Constitutes The Entire Agreement Between You And Manning And Supersedes Any Prior Agreement Concerning The Ebook. This Agreement Is Governed By The Laws Of The State Of New York
