You're reading from ASP.NET Core 5 Secure Coding Cookbook Practical recipes for tackling vulnerabilities in your ASP.NET web applications

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781801071567

Length 324 pages

Edition 1st Edition

Languages

Tools

.NET Core

Concepts

Web Programming

Author (1):

Roman Canlas

View More author details

Table of Contents (15) Chapters

Preface

1. Chapter 1: Secure Coding Fundamentals

2. Chapter 2: Injection Flaws FREE CHAPTER

3. Chapter 3: Broken Authentication

4. Chapter 4: Sensitive Data Exposure

5. Chapter 5: XML External Entities

6. Chapter 6: Broken Access Control

7. Chapter 7: Security Misconfiguration

8. Chapter 8: Cross-Site Scripting

9. Chapter 9: Insecure Deserialization

10. Chapter 10: Using Components with Known Vulnerabilities

11. Chapter 11: Insufficient Logging and Monitoring

12. Chapter 12: Miscellaneous Vulnerabilities

13. Chapter 13: Best Practices

14. Other Books You May Enjoy

What this book covers

Chapter 1, Securing Coding Fundamentals, is about basic secure coding patterns that every ASP.NET Core developer must know.

Chapter 2, Injection Flaws, explores recipes for various injection flaws, such as SQL injection, NoSQL injection, command injection, LDAP injection, and XPath injection.

Chapter 3, Broken Authentication, covers recipes for vulnerabilities that focus on insufficiently protected credentials, user enumeration, weak password requirements, and insufficient session expiration.

Chapter 4, Sensitive Data Exposure, shows how to implement HTTPS in our ASP.NET Core web applications, enable HSTS, ensure that the latest version of TLS is applied, and secure the cryptographic keys to prevent data leakage

Chapter 5, XML External Entities, covers recipes for remediating malicious XML External Entities. This chapter explains a sample insecure code snippet on XXE injection. An explanation of how to fix XXE injection will be discussed.

Chapter 6, Broken Access Control, explores recipes that use the built-in authorization mechanism in ASP.NET Core and the steps to implement role-based authorization to prevent unauthorized access to resources in your web application.

Chapter 7, Security Misconfiguration, discusses recipes to prevent security misconfiguration by turning debugging off in code, adding security features, and stopping unwanted information leaks to prying attackers with proper application settings.

Chapter 8, Cross-Site Scripting, covers recipes for remediating different types of XSS. This chapter explains insecure code for Reflected, Stored, and DOM XSS. This chapter also explains how to fix these cross-site scripting vulnerabilities in code.

Chapter 9, Insecure Deserialization, covers recipes on how to safely deserialize input using properly configured libraries, mitigate risks that an obsolete .NET class brings in your ASP.NET Core web application, and use a better deserializer alternative to securely deserialize data streams.

Chapter 10, Using Components with Known Vulnerabilities, discusses recipes for fixing ASP.NET Core web applications that use components with known vulnerabilities.

Chapter 11, Insufficient Logging and Monitoring, explores recipes for fixing insufficient logging and monitoring in ASP.NET Core web applications and explains how the lack of these features puts web applications at risk.

Chapter 12, Miscellaneous Vulnerabilities, discusses recipes for fixing vulnerabilities that are no longer in the OWASP Top 10 list and various ASP.NET Core web application vulnerabilities.

Chapter 13, Best Practices, covers best practice recipes with proven patterns that enable ASP.NET Core security features.