Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
ASP.NET Core 5 Secure Coding Cookbook
ASP.NET Core 5 Secure Coding Cookbook

ASP.NET Core 5 Secure Coding Cookbook: Practical recipes for tackling vulnerabilities in your ASP.NET web applications

eBook
$26.98 $29.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

ASP.NET Core 5 Secure Coding Cookbook

Chapter 2: Injection Flaws

Injection flaws in code can have the most devastating effects on ASP.NET Core web applications. The lack of validation and sanitization of untrusted input allows this vulnerability to be exploited, leading to the execution of arbitrary OS commands, authentication bypass, unexpected data manipulation, and content. At worse, it can disclose sensitive information and lead to an eventual data breach.

This chapter introduces you to various injection flaws and explains how you can remediate this security defect in code.

In this chapter, we're going to cover the following recipes:

  • Fixing SQL injection with Entity Framework
  • Fixing SQL injection in ADO.NET
  • Fixing NoSQL injection
  • Fixing command injection
  • Fixing LDAP injection
  • Fixing XPath injection

By the end of this chapter, you will learn how to properly write secure code and remove security bugs that will prevent injection attacks.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them
  • Understand what code makes an ASP.NET Core web app unsafe
  • Build your secure coding knowledge by following straightforward recipes

Description

ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests. In ASP.NET Secure Coding Cookbook, you’ll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you’ll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You’ll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code. By the end of this book, you’ll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you’ll have gained hands-on experience in removing vulnerabilities and security defects from your code.

Who is this book for?

This ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.

What you will learn

  • Understand techniques for squashing an ASP.NET Core web app security bug
  • Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited
  • Fix security issues in code relating to broken authentication and authorization
  • Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques
  • Prevent security misconfiguration by enabling ASP.NET Core web application security features
  • Explore other ASP.NET web application vulnerabilities and secure coding best practices
Estimated delivery fee Deliver to Japan

Standard delivery 10 - 13 business days

$8.95

Premium delivery 3 - 6 business days

$34.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 16, 2021
Length: 324 pages
Edition : 1st
Language : English
ISBN-13 : 9781801071567
Vendor :
Microsoft
Languages :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Japan

Standard delivery 10 - 13 business days

$8.95

Premium delivery 3 - 6 business days

$34.95
(Includes tracking information)

Product Details

Publication date : Jul 16, 2021
Length: 324 pages
Edition : 1st
Language : English
ISBN-13 : 9781801071567
Vendor :
Microsoft
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 172.97
ASP.NET Core 5 Secure Coding Cookbook
$43.99
C# 10 and .NET 6 – Modern Cross-Platform Development
$79.99
An Atypical ASP.NET Core 5 Design Patterns Guide
$48.99
Total $ 172.97 Stars icon

Table of Contents

14 Chapters
Chapter 1: Secure Coding Fundamentals Chevron down icon Chevron up icon
Chapter 2: Injection Flaws Chevron down icon Chevron up icon
Chapter 3: Broken Authentication Chevron down icon Chevron up icon
Chapter 4: Sensitive Data Exposure Chevron down icon Chevron up icon
Chapter 5: XML External Entities Chevron down icon Chevron up icon
Chapter 6: Broken Access Control Chevron down icon Chevron up icon
Chapter 7: Security Misconfiguration Chevron down icon Chevron up icon
Chapter 8: Cross-Site Scripting Chevron down icon Chevron up icon
Chapter 9: Insecure Deserialization Chevron down icon Chevron up icon
Chapter 10: Using Components with Known Vulnerabilities Chevron down icon Chevron up icon
Chapter 11: Insufficient Logging and Monitoring Chevron down icon Chevron up icon
Chapter 12: Miscellaneous Vulnerabilities Chevron down icon Chevron up icon
Chapter 13: Best Practices Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(6 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Daren May Jul 16, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
TLDR; Overall, I would recommend this book to both new developers and existing developers who wish to ensure their apps are covering all the bases.I really enjoyed the layout to this book. There are 11 chapters that address specific areas of concerns, such as injection attacks or cross-site scripting, and 2 final chapters that collate miscellaneous vulnerabilities and best practices. Each chapter presents a number of recipes which first illustrate a security vulnerability, usually with a sample, and then provides a step-by-step solution.Within each chapter, there is a consistent structure:* An introductory section that describes why the area of concern is important and outlines the the recipes contained within the chapter.* Technical requirements - describes the technology and tools that the chapter targets as well as the sample source code that supports the chapter.* And then for each recipe: * An introduction that justifies the need for the recipe, etc. * Getting ready - describes how to setup and build the sample that supports the recipe. For example a Web Application with a data entry for that lacks input validation. * How to do it... - step-by-step approach to implementing the recipe. For example, adding input validation to a form using the FluentValidation package. * How it works... - reviews the approach implemented in the recipe, describing in more detail what was performed. For example, discusses the use of the FluentValidation package in more detail and how it is implemented. * There's more... - further expands upon recipe, providing more context as well as alternative solutions. For example, discusses server-side validation in more detail and then goes on to discuss approaches for client-side validation. * See also... - provides links to documentation for additional learning.As you might expect, for completeness, some topics covered are already pretty well understood by most developers - however, I certainly learnt some new things in Ch6. Broken Access control and Ch9. Insecure Deserialization. Overall, I would recommend this book to both new developers and existing developers who wish to ensure their apps are covering all the bases.
Amazon Verified review Amazon
Jeffrey Chilberto Jul 17, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Security is often glossed over in beginner books and fortunately this secure coding cookbook provides a much needed resource for ASP.NET developers. This book covers a wide range of potential security threats and provides practical approaches to address these threats with functionality from the framework as well as well known and trusted 3rd party libraries.Thankfully this book does not spend time on the basics but jumps right in to examples and explanations. If you do not have some experience with ASP.NET, then you might want to pick up a beginner book first. I would also suggest some industry experience is needed to appreciate the context of security in application development. Likewise, if you are expecting to dive deep into security then you might be disappointed. This book is aimed at providing a good foundation and knowledge of security concerns in ASP.NET web development.Well written with clear examples, this is a great resource for intermediate developers to up their ASP.NET game!
Amazon Verified review Amazon
Anonymous May 24, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
It's difficult to be presented with a vulnerability report not knowing how to fix the security issues found in your web app. I literally have to Google, search for answers and pick the one that suits ASP.NET Core. This book is definitely worth the buy coz it saved me a lot of time looking for proper answers!
Amazon Verified review Amazon
Sunster Jul 17, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Using the OWASP categories, the author, Roman Canlas, provides ASP.NET Core solutions enabling developers to remediate issues many insecure programming issues; such issues include Cross-site Scripting, Broken Authentication, and Sensitive Data Exposure, just to name a few. Each chapter provides hands-on examples which show how to apply these remediations in ASP.NET, Razor and other .NET frameworks using the .NET Core platform. For example, remediation techniques introduced to address improved input validation includes .NET packages for defining regular expressions to create whitelisting and output encoding. In the area of SQLi mitigations, Canlas explains and shows examples of both framework-specific methods and stored procedures. In addition, for addressing brute-force and user enumeration attacks, recipes are provided showing how to use lockoutFailure checks and reCAPTCHA implmentations. In the Security Misconfiguration category, Canlas provides hardending techniques for addressing production debug statements, trace logs, and implementing security headers. Though more security headers could be added to this chapter, overall, Canlas provides a good start for developers for initial configurations. Recipes for mitigating Cross-site scripting attacks include how to use htmlEncoder and a browser-based library for addressing DOM-based XSS. In addition, Canlas describes how to remove weak protocols, disabling cache on pages which contain sensitive data, and how to avoid hard coded keys inside of application code. On the subject of XXE attacks, recipes are provided showing how to enable XSD validation and disabling DTD loading. Furthermore, authorization bugs stemming from IDOR issues can be mitigated with the use of GUIDs and dependency injection to obfuscate account IDs and other easily brute-forced references. The chapter on Insecure Deserialization provides recipes for how to safely deserialize objects using improved settings with the Json.NET framework. This recipe and others help to mitigate deserialization attacks against JSON and XML which could result in DoS or RCE. This book even addresses how developers can become aware of vulnerable NuGet Packages using the tool called Dotnet Retire within VS Code. Overall, the book gives ASP.NET Core web application developers a nice range of mitigations and controls to address some of the more common attacks plaguing web apps. The recipes are easy to follow and can all be run within VS Code. The book serves to provide .NET programmers with invaluable lessons, explanations, and code snippets for improving the security posture of ASP.NET Core web applications
Amazon Verified review Amazon
POE Sep 28, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The author provides a nice introduction to secure coding and then patterns the book’s content according to the Open Web Application Security Project’s (OWASP) top 10 web application security risks. The book does not include an introduction to ASP.NET, so readers should already have some familiarity with that framework.The easy-to-follow coding recipes provide a great way for readers to gain hands-on experience with secure coding using ASP.NET. These recipes also provide an opportunity for readers to gain important skills regarding ASP.NET. More importantly, the reader is left with a secure coding mindset that can help inform future development work.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the digital copy I get with my Print order? Chevron down icon Chevron up icon

When you buy any Print edition of our Books, you can redeem (for free) the eBook edition of the Print Book you’ve purchased. This gives you instant access to your book when you make an order via PDF, EPUB or our online Reader experience.

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela