Explore the security aspects of building ASP.NET Core MVC applications in this 32-minute conference talk from AppSecUSA 2017. Delve into the default security features of ASP.NET Core, a new open-source and cross-platform framework, and learn how it addresses common vulnerabilities like Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Discover the framework's modular approach and its flexibility in creating secure solutions across Windows, Mac, and Linux platforms. Gain insights from security researcher Niels Tanis as he examines the framework's APIs, demonstrates how to extend security measures, and shows how to validate existing solutions. Cover topics including controllers, data processing, input validation, SameSite cookies, and code analysis limitations. Enhance your understanding of secure application development in the context of ASP.NET Core MVC.
Building Secure ASP.NET Core MVC Applications
Overview
Syllabus
Introduction
ASPNET Core
ModelViewController
Starting a New Project
Controllers
Advanced Controller
Data Processing
Data Assignment
Content Result
Input Validation
SameSide Cookies
Using SameSide Cookies
Code Analysis
Limitations
Conclusion
Taught by
OWASP Foundation
Related Courses
-
Cross Site Request Forgery (CSRF) Prevention for ASP.NET Core and ASP.NET Applications
-
ASP.NET Core 6 Identity and Security (SECOND EDITION)
-
Building an Enterprise Application with ASP.NET Core MVC
-
ASP.NET Core SPA Cookie Authentication vs XSRF - Securing Against Cross-Site Attacks
-
Basic Web Applications Security
-
ASP.NET Core Meets OWASP Top 10
