What do you get with eBook?

Instant access to your Digital eBook purchase

Download this book in EPUB and PDF formats

Access this title in our online reader with advanced features

DRM FREE - Read whenever, wherever and however you want

AI Assistant (beta) to help accelerate your learning

Key benefits

Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them

Understand what code makes an ASP.NET Core web app unsafe

Build your secure coding knowledge by following straightforward recipes

Description

ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests. In ASP.NET Secure Coding Cookbook, you’ll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you’ll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You’ll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code. By the end of this book, you’ll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you’ll have gained hands-on experience in removing vulnerabilities and security defects from your code.

Who is this book for?

This ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.

What you will learn

Understand techniques for squashing an ASP.NET Core web app security bug

Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited

Fix security issues in code relating to broken authentication and authorization

Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques

Prevent security misconfiguration by enabling ASP.NET Core web application security features

Explore other ASP.NET web application vulnerabilities and secure coding best practices

What do you get with eBook?

Instant access to your Digital eBook purchase

Download this book in EPUB and PDF formats

Access this title in our online reader with advanced features

DRM FREE - Read whenever, wherever and however you want

AI Assistant (beta) to help accelerate your learning

Frequently bought together

R$245.99

C# 10 and .NET 6 – Modern Cross-Platform Development

R$445.99

An Atypical ASP.NET Core 5 Design Patterns Guide

R$272.99

Total R$ 964.97

Daren May Jul 16, 2021

TLDR; Overall, I would recommend this book to both new developers and existing developers who wish to ensure their apps are covering all the bases.I really enjoyed the layout to this book. There are 11 chapters that address specific areas of concerns, such as injection attacks or cross-site scripting, and 2 final chapters that collate miscellaneous vulnerabilities and best practices. Each chapter presents a number of recipes which first illustrate a security vulnerability, usually with a sample, and then provides a step-by-step solution.Within each chapter, there is a consistent structure:* An introductory section that describes why the area of concern is important and outlines the the recipes contained within the chapter.* Technical requirements - describes the technology and tools that the chapter targets as well as the sample source code that supports the chapter.* And then for each recipe: * An introduction that justifies the need for the recipe, etc. * Getting ready - describes how to setup and build the sample that supports the recipe. For example a Web Application with a data entry for that lacks input validation. * How to do it... - step-by-step approach to implementing the recipe. For example, adding input validation to a form using the FluentValidation package. * How it works... - reviews the approach implemented in the recipe, describing in more detail what was performed. For example, discusses the use of the FluentValidation package in more detail and how it is implemented. * There's more... - further expands upon recipe, providing more context as well as alternative solutions. For example, discusses server-side validation in more detail and then goes on to discuss approaches for client-side validation. * See also... - provides links to documentation for additional learning.As you might expect, for completeness, some topics covered are already pretty well understood by most developers - however, I certainly learnt some new things in Ch6. Broken Access control and Ch9. Insecure Deserialization. Overall, I would recommend this book to both new developers and existing developers who wish to ensure their apps are covering all the bases.

Amazon Verified review

Jeffrey Chilberto Jul 17, 2021

Security is often glossed over in beginner books and fortunately this secure coding cookbook provides a much needed resource for ASP.NET developers. This book covers a wide range of potential security threats and provides practical approaches to address these threats with functionality from the framework as well as well known and trusted 3rd party libraries.Thankfully this book does not spend time on the basics but jumps right in to examples and explanations. If you do not have some experience with ASP.NET, then you might want to pick up a beginner book first. I would also suggest some industry experience is needed to appreciate the context of security in application development. Likewise, if you are expecting to dive deep into security then you might be disappointed. This book is aimed at providing a good foundation and knowledge of security concerns in ASP.NET web development.Well written with clear examples, this is a great resource for intermediate developers to up their ASP.NET game!

Amazon Verified review

Anonymous May 24, 2022

It's difficult to be presented with a vulnerability report not knowing how to fix the security issues found in your web app. I literally have to Google, search for answers and pick the one that suits ASP.NET Core. This book is definitely worth the buy coz it saved me a lot of time looking for proper answers!

Amazon Verified review

Sunster Jul 17, 2021

Using the OWASP categories, the author, Roman Canlas, provides ASP.NET Core solutions enabling developers to remediate issues many insecure programming issues; such issues include Cross-site Scripting, Broken Authentication, and Sensitive Data Exposure, just to name a few. Each chapter provides hands-on examples which show how to apply these remediations in ASP.NET, Razor and other .NET frameworks using the .NET Core platform. For example, remediation techniques introduced to address improved input validation includes .NET packages for defining regular expressions to create whitelisting and output encoding. In the area of SQLi mitigations, Canlas explains and shows examples of both framework-specific methods and stored procedures. In addition, for addressing brute-force and user enumeration attacks, recipes are provided showing how to use lockoutFailure checks and reCAPTCHA implmentations. In the Security Misconfiguration category, Canlas provides hardending techniques for addressing production debug statements, trace logs, and implementing security headers. Though more security headers could be added to this chapter, overall, Canlas provides a good start for developers for initial configurations. Recipes for mitigating Cross-site scripting attacks include how to use htmlEncoder and a browser-based library for addressing DOM-based XSS. In addition, Canlas describes how to remove weak protocols, disabling cache on pages which contain sensitive data, and how to avoid hard coded keys inside of application code. On the subject of XXE attacks, recipes are provided showing how to enable XSD validation and disabling DTD loading. Furthermore, authorization bugs stemming from IDOR issues can be mitigated with the use of GUIDs and dependency injection to obfuscate account IDs and other easily brute-forced references. The chapter on Insecure Deserialization provides recipes for how to safely deserialize objects using improved settings with the Json.NET framework. This recipe and others help to mitigate deserialization attacks against JSON and XML which could result in DoS or RCE. This book even addresses how developers can become aware of vulnerable NuGet Packages using the tool called Dotnet Retire within VS Code. Overall, the book gives ASP.NET Core web application developers a nice range of mitigations and controls to address some of the more common attacks plaguing web apps. The recipes are easy to follow and can all be run within VS Code. The book serves to provide .NET programmers with invaluable lessons, explanations, and code snippets for improving the security posture of ASP.NET Core web applications

Amazon Verified review

POE Sep 28, 2021

The author provides a nice introduction to secure coding and then patterns the book’s content according to the Open Web Application Security Project’s (OWASP) top 10 web application security risks. The book does not include an introduction to ASP.NET, so readers should already have some familiarity with that framework.The easy-to-follow coding recipes provide a great way for readers to gain hands-on experience with secure coding using ASP.NET. These recipes also provide an opportunity for readers to gain important skills regarding ASP.NET. More importantly, the reader is left with a secure coding mindset that can help inform future development work.

Amazon Verified review

ASP.NET Core 5 Secure Coding Cookbook: Practical recipes for tackling vulnerabilities in your ASP.NET web applications

What do you get with eBook?