Understand and stop the hacks you read about in the headlines! This practical guide includes secure code samples, built-in ASP.NET tools, and insider techniques to help your web applications stay safe and secure. ASP.NET Core Security delivers the skills and countermeasures you need to keep your ASP.NET apps secure from the most common web application attacks.
It gives you an invaluable security mindset to help you anticipate risks and introduce practices like testing as regular security check-ups. The examples focus on the unique needs of ASP.NET applications, and also offer universal security best practices essential for any professional web developer.
Christian Wenz is a web pioneer, technology specialist, and entrepreneur. Since 1999, he has written close to 150 books on web technologies and related topics, which have been translated into ten languages. In his day job, he consults enterprises on digitization and Industry 4.0. A fixture at international developer conferences, he has presented on three continents. Christian has been an MVP for ASP.NET since 2004, is the lead author of the official PHP certification, and sporadically contributes to OSS projects. He holds university degrees in computer science and business informatics and is a two-time recipient of a Knuth award check.
Table of contents
PART 1: FIRST STEPS
1 ON WEB APPLICATION SECURITY
PART 2: MITIGATING COMMON ATTACKS
2 CROSS-SITE SCRIPTING (XSS)
3 ATTACKING SESSION MANAGEMENT
4 CROSS-SITE REQUEST FORGERY
5 UNVALIDATED DATA
6 SQL INJECTION (AND OTHER INJECTIONS)
PART 3: SECURE DATA STORAGE
7 STORING SECRETS
8 HANDLING PASSWORDS
PART 4: CONFIGURATION
9 HTTP HEADERS
10 ERROR HANDLING
11 LOGGING AND HEALTH CHECKS
PART 5: AUTHENTICATION AND AUTHORIZATION
12 SECURING WEB APPLICATIONS WITH ASP.NET CORE IDENTITY
13 SECURING APIS AND SINGLE PAGE APPLICATIONS (SPAS)
PART 6: SECURITY AS A PROCESS
14 SECURE DEPENDENCIES
15 AUDIT TOOLS
16 OWASP TOP TEN