ASP.NET Core Security
- Length: 368 pages
- Edition: 1
- Language: English
- Publisher: Manning
- Publication Date: 2022-07-26
- ISBN-10: 1633439984
- ISBN-13: 9781633439986
- Sales Rank: #849412
Understand and stop the hacks you read about in the headlines! This practical guide includes secure code samples, built-in ASP.NET tools, and insider techniques to help your web applications stay safe and secure.
ASP.NET Core Security is a practical and hands-on guide to securing web applications built with ASP.NET. Written by Christian Wenz, a 20-year veteran of web security, it reveals attacks that threaten your apps and introduces the built-in ASP.NET features you can use to defend against them.
ASP.NET Core Security delivers the skills and countermeasures you need to keep your ASP.NET apps secure from the most common web application attacks. It gives you an invaluable security mindset to help you anticipate risks and introduce practices like testing as regular security checkups. The examples focus on the unique needs of ASP.NET applications, and also offer universal security best practices essential for any professional web developer.
Table of contents of ASP.NET Core Security:
- Front matter: Copyright, dedication, contents, preface, acknowledgments, about this book (Who should read this book?; How this book is organized: a roadmap; About the code; liveBook discussion forum), about the author, about the cover illustration
- Part 1 First steps
  - 1 On web application security
    - 1.1 ASP.NET Core: History and options
      - 1.1.1 ASP.NET Core version history
      - 1.1.2 MVC
      - 1.1.3 Razor Pages
      - 1.1.4 Web API
      - 1.1.5 Blazor
    - 1.2 Identifying and mitigating threats
      - 1.2.1 Web application components
      - 1.2.2 Defense in depth
    - 1.3 Security-related APIs
    - 1.4 Security is important
    - Summary
- Part 2 Mitigating common attacks
  - 2 Cross-site scripting (XSS)
    - 2.1 Anatomy of a cross-site scripting attack
    - 2.2 Preventing cross-site scripting
      - 2.2.1 Understanding the same-origin policy
      - 2.2.2 Escaping HTML
      - 2.2.3 Escaping in a different context
    - 2.3 Content Security Policy
      - 2.3.1 Sample application
      - 2.3.2 How Content Security Policy works
      - 2.3.3 Refactoring applications for Content Security Policy
      - 2.3.4 Content Security Policy best practices
      - 2.3.5 Content Security Policy Level 3 features
    - 2.4 More browser safeguards
    - Summary
  - 3 Attacking session management
    - 3.1 Anatomy of a session management attack
      - 3.1.1 Stealing session cookies
      - 3.1.2 Cookies and session management
    - 3.2 ASP.NET Core cookie and session settings
    - 3.3 Enforcing HTTPS
    - 3.4 Detecting session hijacking
    - Summary
  - 4 Cross-site request forgery
    - 4.1 Anatomy of a cross-site request forgery attack
    - 4.2 Cross-site request forgery countermeasures
      - 4.2.1 Making the HTTP request unpredictable
      - 4.2.2 Securing the session cookie
    - 4.3 Clickjacking
    - 4.4 Cross-origin resource sharing
    - Summary
  - 5 Unvalidated data
    - 5.1 Looking at HTTP
    - 5.2 ASP.NET Core validation
    - 5.3 Mass assignment
    - 5.4 Secure deserialization
    - Summary
  - 6 SQL injection (and other injections)
    - 6.1 Anatomy of an SQL injection attack
    - 6.2 Prepared statements
    - 6.3 Entity Framework Core
    - 6.4 XML external entities
    - 6.5 Other injections
    - Summary
- Part 3 Secure data storage
  - 7 Storing secrets
    - 7.1 On encryption
    - 7.2 Secret Manager
    - 7.3 The appsettings.json file
    - 7.4 Storing secrets in the cloud
      - 7.4.1 Storing secrets in Azure
      - 7.4.2 Storing secrets in AWS
      - 7.4.3 Storing secrets in Google Cloud
    - 7.5 Using the data protection API
    - 7.6 Storing secrets locally with Blazor
    - Summary
  - 8 Handling passwords
    - 8.1 From data leak to password theft
    - 8.2 Implementing password hashing
      - 8.2.1 MD5 (and why not to use it)
      - 8.2.2 PBKDF2
      - 8.2.3 Argon2
      - 8.2.4 scrypt
      - 8.2.5 bcrypt
    - 8.3 Analyzing ASP.NET Core templates
    - Summary
- Part 4 Configuration
  - 9 HTTP headers
    - 9.1 Hiding server information
    - 9.2 Browser security headers
      - 9.2.1 Referrer Policy
      - 9.2.2 Feature and permissions policy
      - 9.2.3 Preventing content sniffing
      - 9.2.4 Cross-origin policies
      - 9.2.5 Further headers
    - Summary
  - 10 Error handling
    - 10.1 Error pages for web applications
      - 10.1.1 Custom error pages
      - 10.1.2 Status code error pages
    - 10.2 Handling errors in APIs
    - Summary
  - 11 Logging and health checks
    - 11.1 Health checks
      - 11.1.1 Health check setup
      - 11.1.2 Advanced health checks
      - 11.1.3 Formatting the output
      - 11.1.4 Health checks UI
    - 11.2 Logging
      - 11.2.1 Creating log entries
      - 11.2.2 Log levels
      - 11.2.3 Log scopes
    - Summary
- Part 5 Authentication and authorization
  - 12 Securing web applications with ASP.NET Core Identity
    - 12.1 ASP.NET Core Identity setup
    - 12.2 ASP.NET Core Identity fundamentals
    - 12.3 Advanced ASP.NET Core Identity features
      - 12.3.1 Password options
      - 12.3.2 Cookie options
      - 12.3.3 Locking out users
      - 12.3.4 Working with claims
      - 12.3.5 Two-factor authentication
      - 12.3.6 Authenticating with external providers
    - Summary
  - 13 Securing APIs and single page applications
    - 13.1 Securing APIs with tokens
    - 13.2 OAuth and OpenID Connect
      - 13.2.1 OAuth vs. OpenID Connect
      - 13.2.2 OAuth flows
    - 13.3 Securing applications
      - 13.3.1 Third-party tools
      - 13.3.2 Client credentials
      - 13.3.3 Authorization code + PKCE
      - 13.3.4 SPAs and BFF
    - Summary
- Part 6 Security as a process
  - 14 Secure dependencies
    - 14.1 Using npm audit
    - 14.2 Keeping NuGet dependencies up-to-date
    - Summary
  - 15 Audit tools
    - 15.1 Finding vulnerabilities
    - 15.2 OWASP ZAP
    - 15.3 Security Code Scan
    - 15.4 GitHub Advanced Security
    - Summary
  - 16 OWASP Top 10
    - 16.1 OWASP Top 10
      - 16.1.1 Top 10 creation process
      - 16.1.2 #1: Broken access control
      - 16.1.3 #2: Cryptographic failures
      - 16.1.4 #3: Injection
      - 16.1.5 #4: Insecure design
      - 16.1.6 #5: Security misconfiguration
      - 16.1.7 #6: Vulnerable and outdated components
      - 16.1.8 #7: Identification and authentication failures
      - 16.1.9 #8: Software and data integrity failures
      - 16.1.10 #9: Security logging and monitoring failures
      - 16.1.11 #10: Server-side request forgery
    - 16.2 OWASP API Top 10
    - 16.3 Other lists
    - Summary
- Back matter: index, inside back cover