Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
ASP.NET Core 5 Secure Coding Cookbook
ASP.NET Core 5 Secure Coding Cookbook

ASP.NET Core 5 Secure Coding Cookbook: Practical recipes for tackling vulnerabilities in your ASP.NET web applications

eBook
R$80 R$196.99
Paperback
R$245.99
Subscription
Free Trial
Renews at R$50p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

ASP.NET Core 5 Secure Coding Cookbook

Chapter 2: Injection Flaws

Injection flaws in code can have the most devastating effects on ASP.NET Core web applications. The lack of validation and sanitization of untrusted input allows this vulnerability to be exploited, leading to the execution of arbitrary OS commands, authentication bypass, unexpected data manipulation, and content. At worse, it can disclose sensitive information and lead to an eventual data breach.

This chapter introduces you to various injection flaws and explains how you can remediate this security defect in code.

In this chapter, we're going to cover the following recipes:

  • Fixing SQL injection with Entity Framework
  • Fixing SQL injection in ADO.NET
  • Fixing NoSQL injection
  • Fixing command injection
  • Fixing LDAP injection
  • Fixing XPath injection

By the end of this chapter, you will learn how to properly write secure code and remove security bugs that will prevent injection attacks.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them
  • Understand what code makes an ASP.NET Core web app unsafe
  • Build your secure coding knowledge by following straightforward recipes

Description

ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests. In ASP.NET Secure Coding Cookbook, you’ll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you’ll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You’ll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code. By the end of this book, you’ll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you’ll have gained hands-on experience in removing vulnerabilities and security defects from your code.

Who is this book for?

This ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.

What you will learn

  • Understand techniques for squashing an ASP.NET Core web app security bug
  • Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited
  • Fix security issues in code relating to broken authentication and authorization
  • Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques
  • Prevent security misconfiguration by enabling ASP.NET Core web application security features
  • Explore other ASP.NET web application vulnerabilities and secure coding best practices

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 16, 2021
Length: 324 pages
Edition : 1st
Language : English
ISBN-13 : 9781801079020
Vendor :
Microsoft
Languages :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Jul 16, 2021
Length: 324 pages
Edition : 1st
Language : English
ISBN-13 : 9781801079020
Vendor :
Microsoft
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
R$50 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
R$500 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just R$25 each
Feature tick icon Exclusive print discounts
R$800 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just R$25 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total R$ 964.97
ASP.NET Core 5 Secure Coding Cookbook
R$245.99
C# 10 and .NET 6 – Modern Cross-Platform Development
R$445.99
An Atypical ASP.NET Core 5 Design Patterns Guide
R$272.99
Total R$ 964.97 Stars icon

Table of Contents

14 Chapters
Chapter 1: Secure Coding Fundamentals Chevron down icon Chevron up icon
Chapter 2: Injection Flaws Chevron down icon Chevron up icon
Chapter 3: Broken Authentication Chevron down icon Chevron up icon
Chapter 4: Sensitive Data Exposure Chevron down icon Chevron up icon
Chapter 5: XML External Entities Chevron down icon Chevron up icon
Chapter 6: Broken Access Control Chevron down icon Chevron up icon
Chapter 7: Security Misconfiguration Chevron down icon Chevron up icon
Chapter 8: Cross-Site Scripting Chevron down icon Chevron up icon
Chapter 9: Insecure Deserialization Chevron down icon Chevron up icon
Chapter 10: Using Components with Known Vulnerabilities Chevron down icon Chevron up icon
Chapter 11: Insufficient Logging and Monitoring Chevron down icon Chevron up icon
Chapter 12: Miscellaneous Vulnerabilities Chevron down icon Chevron up icon
Chapter 13: Best Practices Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(6 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Daren May Jul 16, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
TLDR; Overall, I would recommend this book to both new developers and existing developers who wish to ensure their apps are covering all the bases.I really enjoyed the layout to this book. There are 11 chapters that address specific areas of concerns, such as injection attacks or cross-site scripting, and 2 final chapters that collate miscellaneous vulnerabilities and best practices. Each chapter presents a number of recipes which first illustrate a security vulnerability, usually with a sample, and then provides a step-by-step solution.Within each chapter, there is a consistent structure:* An introductory section that describes why the area of concern is important and outlines the the recipes contained within the chapter.* Technical requirements - describes the technology and tools that the chapter targets as well as the sample source code that supports the chapter.* And then for each recipe: * An introduction that justifies the need for the recipe, etc. * Getting ready - describes how to setup and build the sample that supports the recipe. For example a Web Application with a data entry for that lacks input validation. * How to do it... - step-by-step approach to implementing the recipe. For example, adding input validation to a form using the FluentValidation package. * How it works... - reviews the approach implemented in the recipe, describing in more detail what was performed. For example, discusses the use of the FluentValidation package in more detail and how it is implemented. * There's more... - further expands upon recipe, providing more context as well as alternative solutions. For example, discusses server-side validation in more detail and then goes on to discuss approaches for client-side validation. * See also... - provides links to documentation for additional learning.As you might expect, for completeness, some topics covered are already pretty well understood by most developers - however, I certainly learnt some new things in Ch6. Broken Access control and Ch9. Insecure Deserialization. Overall, I would recommend this book to both new developers and existing developers who wish to ensure their apps are covering all the bases.
Amazon Verified review Amazon
Jeffrey Chilberto Jul 17, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Security is often glossed over in beginner books and fortunately this secure coding cookbook provides a much needed resource for ASP.NET developers. This book covers a wide range of potential security threats and provides practical approaches to address these threats with functionality from the framework as well as well known and trusted 3rd party libraries.Thankfully this book does not spend time on the basics but jumps right in to examples and explanations. If you do not have some experience with ASP.NET, then you might want to pick up a beginner book first. I would also suggest some industry experience is needed to appreciate the context of security in application development. Likewise, if you are expecting to dive deep into security then you might be disappointed. This book is aimed at providing a good foundation and knowledge of security concerns in ASP.NET web development.Well written with clear examples, this is a great resource for intermediate developers to up their ASP.NET game!
Amazon Verified review Amazon
Anonymous May 24, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
It's difficult to be presented with a vulnerability report not knowing how to fix the security issues found in your web app. I literally have to Google, search for answers and pick the one that suits ASP.NET Core. This book is definitely worth the buy coz it saved me a lot of time looking for proper answers!
Amazon Verified review Amazon
Sunster Jul 17, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Using the OWASP categories, the author, Roman Canlas, provides ASP.NET Core solutions enabling developers to remediate issues many insecure programming issues; such issues include Cross-site Scripting, Broken Authentication, and Sensitive Data Exposure, just to name a few. Each chapter provides hands-on examples which show how to apply these remediations in ASP.NET, Razor and other .NET frameworks using the .NET Core platform. For example, remediation techniques introduced to address improved input validation includes .NET packages for defining regular expressions to create whitelisting and output encoding. In the area of SQLi mitigations, Canlas explains and shows examples of both framework-specific methods and stored procedures. In addition, for addressing brute-force and user enumeration attacks, recipes are provided showing how to use lockoutFailure checks and reCAPTCHA implmentations. In the Security Misconfiguration category, Canlas provides hardending techniques for addressing production debug statements, trace logs, and implementing security headers. Though more security headers could be added to this chapter, overall, Canlas provides a good start for developers for initial configurations. Recipes for mitigating Cross-site scripting attacks include how to use htmlEncoder and a browser-based library for addressing DOM-based XSS. In addition, Canlas describes how to remove weak protocols, disabling cache on pages which contain sensitive data, and how to avoid hard coded keys inside of application code. On the subject of XXE attacks, recipes are provided showing how to enable XSD validation and disabling DTD loading. Furthermore, authorization bugs stemming from IDOR issues can be mitigated with the use of GUIDs and dependency injection to obfuscate account IDs and other easily brute-forced references. The chapter on Insecure Deserialization provides recipes for how to safely deserialize objects using improved settings with the Json.NET framework. This recipe and others help to mitigate deserialization attacks against JSON and XML which could result in DoS or RCE. This book even addresses how developers can become aware of vulnerable NuGet Packages using the tool called Dotnet Retire within VS Code. Overall, the book gives ASP.NET Core web application developers a nice range of mitigations and controls to address some of the more common attacks plaguing web apps. The recipes are easy to follow and can all be run within VS Code. The book serves to provide .NET programmers with invaluable lessons, explanations, and code snippets for improving the security posture of ASP.NET Core web applications
Amazon Verified review Amazon
POE Sep 28, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The author provides a nice introduction to secure coding and then patterns the book’s content according to the Open Web Application Security Project’s (OWASP) top 10 web application security risks. The book does not include an introduction to ASP.NET, so readers should already have some familiarity with that framework.The easy-to-follow coding recipes provide a great way for readers to gain hands-on experience with secure coding using ASP.NET. These recipes also provide an opportunity for readers to gain important skills regarding ASP.NET. More importantly, the reader is left with a secure coding mindset that can help inform future development work.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.