Overview
Learn about common vulnerabilities in ASP.NET web applications and practical security solutions to mitigate the risks.
Syllabus
Introduction
- Unhackable ASP.NET applications
- Security is important!
- What you should know
- Sample application introduction
- Sample application tour
- OWASP Top 10
- Cross-site scripting (XSS): The attack
- Cross-site scripting (XSS): The defense
- Cross-site scripting (XSS) in JavaScript
- Same-origin policy and CORS
- Enabling CORS in ASP.NET Web API
- SQL injection with ADO.NET
- SQL injection with Entity Framework
- Fixing SQL injection
- Cross-Site Request Forgery (CSRF)
- Defending against CSRF
- Storing secrets in Web.config
- Externalizing Web.config settings
- Encrypting Web.config
- Azure Key Vault
- Managing the Key Vault with Azure Shell
- Password hashing
- Adding password hashing to the app
- On IdentityServer
- Configuring IdentityServer
- Authenticating against IdentityServer
- Authenticating in the app
- Authorizing against IdentityServer
- Authorizing in the app
- Introduction
- Securing cookies
- Securing sessions
- Setting cookie attributes in the app
- Enforcing HTTPS
- Error handling
- Hiding server information
- Hiding more server information
- Security HTTP headers
- Next steps
Taught by
Christian Wenz