Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Pluralsight

Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core

via Pluralsight

Overview

We think of XML, JSON and binary serialized data as a way to exchange data between applications, but these data formats can also be used by hackers to attack your applications. This course will teach you how you can prevent them.

When we think of attacks on websites and applications, we often think about things like SQL Injection, Cross site request forgery, or attacks on our authentication layer. However, there are other avenues of attack into our applications and these can occur any time our application has to read in XML or JSON or binary data and deserialize that data. This course, Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core, talks about three such attacks: the XML External Entities (XXE) attack, the XML bomb or Billion laughs attack and the Insecure deserialization family of attacks. Two of these attacks, the XML External Entities and Insecure deserialization attack are important enough that they were each placed on the OWASP top 10 list for 2017. When you are finished with this course, you will learn what each of these attacks seeks to do, how they work and most importantly, how to defend your .NET applications against them.

Taught by

David Berry

Reviews

4.6 rating at Pluralsight based on 19 ratings

Start your review of Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.