ASP.NET: Security
2h 27mIntermediate2019-08-07
Authors

Christian Wenz
Web Pioneer, Technology Specialist, Entrepreneur
Course details
As many as nine out of ten web applications have security vulnerabilities. Luckily, ASP.NET developers have a multitude of security tools at their disposal, built right into the framework. Once activated, these features can prevent and mitigate the most common and dangerous types of attacks. Learn how to build on the basic security principles you may already know and incorporate practical solutions for defending your ASP.NET web applications. Instructor Christian Wenz explores the risks ASP.NET apps face, including the OWASP Top Ten vulnerabilities, cross-site scripting, and SQL injection, and countermeasures to combat them. Find out how to authenticate users with IdentityServer, store data securely, and harden your site's configuration with this practical, hands-on course that will transform your ASP.NET apps into impenetrable architectures.
Learning objectives
OWASP Top Ten vulnerabilities
Cross-site scripting
SQL injection
Cross-site request forgery
Storing secrets
Encrypting Web.config settings
Password hashing
Authenticating in the app
Securing cookies and sessions
Error handling
Learning objectives
OWASP Top Ten vulnerabilities
Cross-site scripting
SQL injection
Cross-site request forgery
Storing secrets
Encrypting Web.config settings
Password hashing
Authenticating in the app
Securing cookies and sessions
Error handling
Skills covered
ASP.NETVisual StudioApplication SecurityFront-End Web DevelopmentCybersecurityWeb DevelopmentMicrosoftDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Unhackable ASP.NET applications
- 02 - Security is important
- 03 - What you should know
- 04 - Sample application introduction
- 05 - Sample application tour
1. Mitigating Common Attacks
- 06 - OWASP Top 10
- 07 - Cross-site scripting (XSS) - The attack
- 08 - Cross-site scripting (XSS) - The defense
- 09 - Cross-site scripting (XSS) in JavaScript
- 10 - Same-origin policy and CORS
- 11 - Enabling CORS in ASP.NET Web API
- 12 - SQL injection with ADO.NET
- 13 - SQL injection with Entity Framework
- 14 - Fixing SQL injection
- 15 - Cross-Site Request Forgery (CSRF)
- 16 - Defending against CSRF
2. Storing Data
- 17 - Storing secrets in Web.config
- 18 - Externalizing Web.config settings
- 19 - Encrypting Web.config
- 20 - Azure Key Vault
- 21 - Managing the Key Vault with Azure Shell
- 22 - Password hashing
- 23 - Adding password hashing to the app
3. Starting with IdentityServer
- 24 - On IdentityServer
- 25 - Configuring IdentityServer
- 26 - Authenticating against IdentityServer
- 27 - Authenticating in the app
- 28 - Authorizing against IdentityServer
- 29 - Authorizing in the app
4. Secure Configuration
- 30 - Introduction
- 31 - Securing cookies
- 32 - Securing sessions
- 33 - Setting cookie attributes in the app
- 34 - Enforcing HTTPS
- 35 - Error handling
- 36 - Hiding server information
- 37 - Hiding more server information
- 38 - Security HTTP headers
Conclusion
- 39 - Next steps
Related courses
- Securing ASP.NET Core Apps: Advanced Techniques for Web Application Security
- ASP.NET Core Advanced Security Data Protection
- Security in ASP.NET Core
- ASP.NET Core Identity: Authorization Management
- ASP.NET Core Health Checks
- ASP.NET Core: Health Checks and Logging
- Managing App Secrets in .NET Core
- Building Angular and ASP.NET Web API Apps
Related learn paths
- Advance your ASP.NET Developer skills
- Getting Started as an ASP.NET Developer
- Getting Started as an ASP.NET Core Developer
- Prepare for the MTA: Software Development Fundamentals Exam (98-361)
- Become a Back-End Web Developer
- Become a MEAN Javascript Developer
- Prepare for the Microsoft Azure Administrator (AZ-104) Exam
- Explore App Development with the MERN Stack