book

ASP.NET Core 5 Secure Coding Cookbook

by Roman Canlas

July 2021

Intermediate to advanced

324 pages

5h 35m

English

Packt Publishing

Read now

Unlock full access

ForewordContributorsAbout the authorAbout the reviewers
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesDownload the color imagesConventions usedSectionsGetting readyHow to do it…How it works…There's more…See alsoGet in touchShare Your Thoughts
Technical requirementsInput validationEnabling whitelist validation using validation attributesGetting readyHow to do it…How it works…Whitelist validation using the FluentValidation libraryGetting readyHow to do it…How it works…There's more…See also…Syntactic and semantic validationCreating a custom validation attribute to implement semantic validationGetting readyHow to do it…How it works…Input sanitizationGetting readyHow to do it…How it works…Input sanitization using the HTMLSanitizer libraryGetting readyHow to do it…How it works…Output encodingOutput encoding using HtmlEncoderGetting readyHow to do it…How it works…Output encoding using UrlEncoderGetting readyHow to do it…How it works…Output encoding using JavascriptEncoderGetting readyHow to do it…How it works…Protecting sensitive data using the Data Protection APIGetting readyHow to do it…How it works…See also
Technical requirementsWhat is SQL injection?Fixing SQL injection with Entity FrameworkGetting readyHow to do it…How it works…There's more…Fixing SQL injection in ADO.NETGetting readyHow to do it…How it works…There's more…Fixing NoSQL injectionGetting readyHow to do it…How it works…There's more…Fixing command injectionGetting readyHow to do it…How it works…There's more…Fixing LDAP injectionGetting readyHow to do it…How it works…Fixing XPath injectionGetting readyHow to do it…How it works…There's more…
Technical requirementsFixing the incorrect restrictions of excessive authentication attemptsGetting readyHow to do it…How it works…There's more…Fixing insufficiently protected credentialsGetting readyHow to do it…How it works…Fixing user enumerationGetting readyHow to do it…How it works…Fixing weak password requirementsGetting readyHow to do it…How it works…Fixing insufficient session expirationGetting readyHow to do it…How it works…
Technical requirementsFixing insufficient protection of data in transitGetting readyHow to do it…How it works…Fix missing HSTS headersGetting readyHow to do it…How it works…There's more…Fixing weak protocolsGetting readyHow to do it…How it works…Fixing hardcoded cryptographic keysGetting readyHow to do it…How it works…There's more…Disabling caching for critical web pagesGetting readyHow to do it…How it works…
Technical requirementsEnabling XML validationGetting readyHow to do it…How it works…There's more…Fixing XXE injection with XmlDocumentGetting readyHow to do it…How it works…There's more…Fixing XXE injection with XmlTextReaderGetting readyHow to do it…How it works…Fixing XXE injection with LINQ to XMLGetting readyHow to do it…How it works…
Technical requirementsFixing IDORGetting readyHow to do it…How it works…Fixing improper authorizationTesting improper authorizationGetting readyHow to do it…How it works…Fixing missing access controlGetting readyHow to do it…How it works…Fixing open redirect vulnerabilitiesGetting readyHow to do it…How it works…
Technical requirementsDisabling debugging features in non-development environmentsGetting readyHow to do it…How it works…Fixing disabled security featuresGetting readyHow to do it…How it works…Disabling unnecessary featuresGetting readyHow to do it…How it works…Fixing information exposure through an error messageGetting readyHow to do it…How it worksFixing information exposure through insecure cookiesGetting readyHow to do it…How it works
Technical requirementsFixing reflected XSSGetting readyHow to do it…How it works…Fixing stored/persistent XSSGetting readyHow it works…There's more…Fixing DOM XSSGetting readyHow to do it…How it works…

Technical requirementsFixing unsafe deserialization Getting readyTesting unsafe deserializationHow to do it…How it works…There's more…Fixing the use of insecure deserializersGetting readyHow to do it…How it works…There's more…Fixing untrusted data deserializationTesting untrusted data deserializationGetting readyHow to do it…How it works…
Technical requirementsFixing the use of a vulnerable third-party JavaScript libraryGetting readyTesting outdated and vulnerable third-party librariesHow to do it…How it works…There's more…See alsoFixing the use of a vulnerable NuGet packageGetting readyTesting vulnerable NuGet packagesHow to do it…How it works…Fixing the use of a library hosted from an untrusted sourceGetting readyHow to do it…How it works…There's more…
Technical requirementsFixing insufficient logging of exceptionsGetting readyHow to do it…How it works…Fixing insufficient logging of DB transactionsHow to do it…How it works…Fixing excessive information loggingHow to do it…How it works…Fixing a lack of security monitoringHow to do it…How it works…There's more…
Technical requirementsFixing the disabled anti-Cross-Site Request Forgery protectionGetting readyHow to do it…How it works…There's more…Preventing Server-Side Request ForgeryGetting readyHow to do it…How it works…There's more…Preventing log injectionGetting readyHow to do it…How it works…There's more…Preventing HTTP response splittingGetting readyHow to do it…How it works…There's more…Preventing clickjackingGetting readyClickjacking proof of concept (PoC)How to do it…How it works…Fixing insufficient randomnessGetting readyHow to do it…How it works…
Technical requirementsGetting readyProper exception handlingGetting readyHow to do it…How it works…There's more…Using security-related cookie attributesGetting readyHow to do it…How it works…Using a Content Security PolicyGetting readyHow to do it…How it works…There's more…Fixing leftover debug codeGetting readyHow to do it…How it works…There's more…
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Overview

ASP.NET Core 5 Secure Coding Cookbook teaches you how to identify, understand, and fix common security vulnerabilities in your ASP.NET Core web applications. By following its recipe-oriented approach, you'll learn practical steps and techniques to enhance your applications' security, ensuring robustness against various threats.

What this Book will help me do

Identify and understand common security vulnerabilities in ASP.NET Core applications.
Implement secure coding principles to eliminate injection flaws and other vulnerabilities.
Fix issues related to authentication, authorization, and sensitive data exposure.
Leverage ASP.NET Core application security features to prevent misconfigurations.
Apply best practices to develop safer and more secure web applications.

Author(s)

The author, Roman Canlas, is an experienced software developer and security enthusiast with over a decade of expertise in ASP.NET and web application development. Roman has worked on large-scale applications, emphasizing security and performance. His passion for coding and teaching is reflected in the step-by-step guidance and practical insights he offers in this book.

Who is it for?

This book targets ASP.NET Core developers and software engineers with an intermediate understanding of web application development who aim to enhance their coding practices by focusing on security. It's also ideal for application security specialists seeking practical solutions to common vulnerabilities. If you're looking to improve the security robustness of your ASP.NET Core web applications or fix issues identified in security assessments, this book is for you.