What do you get with Print?

Instant access to your digital copy whilst your Print order is Shipped

Paperback book shipped to your preferred address

Redeem a companion digital copy on all Print orders

Access this title in our online reader with advanced features

DRM FREE - Read whenever, wherever and however you want

AI Assistant (beta) to help accelerate your learning

Key benefits

Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them

Understand what code makes an ASP.NET Core web app unsafe

Build your secure coding knowledge by following straightforward recipes

Description

ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests. In ASP.NET Secure Coding Cookbook, you’ll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you’ll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You’ll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code. By the end of this book, you’ll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you’ll have gained hands-on experience in removing vulnerabilities and security defects from your code.

Who is this book for?

This ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.

What you will learn

Understand techniques for squashing an ASP.NET Core web app security bug

Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited

Fix security issues in code relating to broken authentication and authorization

Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques

Prevent security misconfiguration by enabling ASP.NET Core web application security features

Explore other ASP.NET web application vulnerabilities and secure coding best practices

What do you get with Print?

Instant access to your digital copy whilst your Print order is Shipped

Paperback book shipped to your preferred address

Redeem a companion digital copy on all Print orders

Access this title in our online reader with advanced features

DRM FREE - Read whenever, wherever and however you want

AI Assistant (beta) to help accelerate your learning

Frequently bought together

$43.99

C# 10 and .NET 6 – Modern Cross-Platform Development

$79.99

An Atypical ASP.NET Core 5 Design Patterns Guide

$48.99

Total $ 172.97

Daren May Jul 16, 2021

TLDR; Overall, I would recommend this book to both new developers and existing developers who wish to ensure their apps are covering all the bases.I really enjoyed the layout to this book. There are 11 chapters that address specific areas of concerns, such as injection attacks or cross-site scripting, and 2 final chapters that collate miscellaneous vulnerabilities and best practices. Each chapter presents a number of recipes which first illustrate a security vulnerability, usually with a sample, and then provides a step-by-step solution.Within each chapter, there is a consistent structure:* An introductory section that describes why the area of concern is important and outlines the the recipes contained within the chapter.* Technical requirements - describes the technology and tools that the chapter targets as well as the sample source code that supports the chapter.* And then for each recipe: * An introduction that justifies the need for the recipe, etc. * Getting ready - describes how to setup and build the sample that supports the recipe. For example a Web Application with a data entry for that lacks input validation. * How to do it... - step-by-step approach to implementing the recipe. For example, adding input validation to a form using the FluentValidation package. * How it works... - reviews the approach implemented in the recipe, describing in more detail what was performed. For example, discusses the use of the FluentValidation package in more detail and how it is implemented. * There's more... - further expands upon recipe, providing more context as well as alternative solutions. For example, discusses server-side validation in more detail and then goes on to discuss approaches for client-side validation. * See also... - provides links to documentation for additional learning.As you might expect, for completeness, some topics covered are already pretty well understood by most developers - however, I certainly learnt some new things in Ch6. Broken Access control and Ch9. Insecure Deserialization. Overall, I would recommend this book to both new developers and existing developers who wish to ensure their apps are covering all the bases.

Amazon Verified review

Jeffrey Chilberto Jul 17, 2021

Security is often glossed over in beginner books and fortunately this secure coding cookbook provides a much needed resource for ASP.NET developers. This book covers a wide range of potential security threats and provides practical approaches to address these threats with functionality from the framework as well as well known and trusted 3rd party libraries.Thankfully this book does not spend time on the basics but jumps right in to examples and explanations. If you do not have some experience with ASP.NET, then you might want to pick up a beginner book first. I would also suggest some industry experience is needed to appreciate the context of security in application development. Likewise, if you are expecting to dive deep into security then you might be disappointed. This book is aimed at providing a good foundation and knowledge of security concerns in ASP.NET web development.Well written with clear examples, this is a great resource for intermediate developers to up their ASP.NET game!

Amazon Verified review

Anonymous May 24, 2022

It's difficult to be presented with a vulnerability report not knowing how to fix the security issues found in your web app. I literally have to Google, search for answers and pick the one that suits ASP.NET Core. This book is definitely worth the buy coz it saved me a lot of time looking for proper answers!

Amazon Verified review

Sunster Jul 17, 2021

Using the OWASP categories, the author, Roman Canlas, provides ASP.NET Core solutions enabling developers to remediate issues many insecure programming issues; such issues include Cross-site Scripting, Broken Authentication, and Sensitive Data Exposure, just to name a few. Each chapter provides hands-on examples which show how to apply these remediations in ASP.NET, Razor and other .NET frameworks using the .NET Core platform. For example, remediation techniques introduced to address improved input validation includes .NET packages for defining regular expressions to create whitelisting and output encoding. In the area of SQLi mitigations, Canlas explains and shows examples of both framework-specific methods and stored procedures. In addition, for addressing brute-force and user enumeration attacks, recipes are provided showing how to use lockoutFailure checks and reCAPTCHA implmentations. In the Security Misconfiguration category, Canlas provides hardending techniques for addressing production debug statements, trace logs, and implementing security headers. Though more security headers could be added to this chapter, overall, Canlas provides a good start for developers for initial configurations. Recipes for mitigating Cross-site scripting attacks include how to use htmlEncoder and a browser-based library for addressing DOM-based XSS. In addition, Canlas describes how to remove weak protocols, disabling cache on pages which contain sensitive data, and how to avoid hard coded keys inside of application code. On the subject of XXE attacks, recipes are provided showing how to enable XSD validation and disabling DTD loading. Furthermore, authorization bugs stemming from IDOR issues can be mitigated with the use of GUIDs and dependency injection to obfuscate account IDs and other easily brute-forced references. The chapter on Insecure Deserialization provides recipes for how to safely deserialize objects using improved settings with the Json.NET framework. This recipe and others help to mitigate deserialization attacks against JSON and XML which could result in DoS or RCE. This book even addresses how developers can become aware of vulnerable NuGet Packages using the tool called Dotnet Retire within VS Code. Overall, the book gives ASP.NET Core web application developers a nice range of mitigations and controls to address some of the more common attacks plaguing web apps. The recipes are easy to follow and can all be run within VS Code. The book serves to provide .NET programmers with invaluable lessons, explanations, and code snippets for improving the security posture of ASP.NET Core web applications

Amazon Verified review

POE Sep 28, 2021

The author provides a nice introduction to secure coding and then patterns the book’s content according to the Open Web Application Security Project’s (OWASP) top 10 web application security risks. The book does not include an introduction to ASP.NET, so readers should already have some familiarity with that framework.The easy-to-follow coding recipes provide a great way for readers to gain hands-on experience with secure coding using ASP.NET. These recipes also provide an opportunity for readers to gain important skills regarding ASP.NET. More importantly, the reader is left with a secure coding mindset that can help inform future development work.

Amazon Verified review

FAQs

What is the digital copy I get with my Print order?

When you buy any Print edition of our Books, you can redeem (for free) the eBook edition of the Print Book you’ve purchased. This gives you instant access to your book when you make an order via PDF, EPUB or our online Reader experience.

What is the delivery time and cost of print book?

Shipping Details

USA:

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.

Unfortunately, due to several restrictions, we are unable to ship to the following countries:

Afghanistan
American Samoa
Belarus
Brunei Darussalam
Central African Republic
The Democratic Republic of Congo
Eritrea
Guinea-bissau
Iran
Lebanon
Libiya Arab Jamahriya
Somalia
Sudan
Russian Federation
Syrian Arab Republic
Ukraine
Venezuela

What is custom duty/charge?

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order?

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges?

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.

How can I cancel my order?

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy?

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged?

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use?

You can pay with the following card types:

Visa Debit
Visa Credit
MasterCard
PayPal

What is the delivery time and cost of print books?

Shipping Details

USA:

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Unfortunately, due to several restrictions, we are unable to ship to the following countries:

Afghanistan
American Samoa
Belarus
Brunei Darussalam
Central African Republic
The Democratic Republic of Congo
Eritrea
Guinea-bissau
Iran
Lebanon
Libiya Arab Jamahriya
Somalia
Sudan
Russian Federation
Syrian Arab Republic
Ukraine
Venezuela

ASP.NET Core 5 Secure Coding Cookbook: Practical recipes for tackling vulnerabilities in your ASP.NET web applications

What do you get with Print?