Advanced ASP.NET Core 3 Security: Understanding Hacks, Attacks, and Vulnerabilities to Secure Your Website (Hardcover)

Advanced ASP.NET Core 3 Security: Understanding Hacks, Attacks, and Vulnerabilities to Secure Your Website Cover Image
Add to Wish List
Special Order - Arrival Times Vary


Incorporate best practices with ASP.NET Core security. This book includes security-related features available in the framework, and security topics rarely covered elsewhere. It digs deep into the ASP.NET Core 3.1 source code, explaining how something works (or how to fix a problem).

The ASP.NET Core framework does a good job in preventing certain types of attacks from happening, but there are many more non-trivial projects that invariably require developers to think outside the box. For that, there is very little guidance on how to safely venture beyond the simple use cases. And worse, there is a lot of bad advice online on how to implement functionality, be it encrypting unsafely hard-code parameters that need to be generated at runtime, to articles that advocate for certain solutions that are vulnerable to obvious injection attacks.

This book aims to train developers to avoid these problems. Unlike the vast majority of security books that are targeted to network administrators, system administrators, or managers, this book is targeted specifically to ASP.NET developers. The book begins by teaching developers how ASP.NET Core works behind the scenes, then talks about how various attacks are performed and how to prevent them. Finally, it dives into the concepts a developer needs to know to do some testing on their own without the help of a security professional.

What You Will Learn

  • Discern which attacks are easy to prevent in the framework and which are challenging
  • Dig into ASP.NET Core 3.1 source code to understand how the security services work
  • Establish a baseline for understanding how to design more secure software
  • Properly apply cryptography in software development
  • Take a deep dive into web security concepts
  • Validate input in a way that allows legitimate traffic but blocks malicious traffic
  • Understand parameterized queries and why they are so important to ASP.NET Core
  • Fix issues in a well-implemented solution
  • Know how logging works and its weaknesses in ASP.NET Core
  • Incorporate security in every phase of the software development process

Who This Book Is For

Software developers who have experience creating websites in ASP.NET and want to know how to make their websites secure from hackers and security professionals who work with a development team that uses ASP.NET Core. A basic understanding of web technologies such as HTML, JavaScript, and CSS is assumed, as is knowledge of how to create a website, and how to read and write C#. You do not need knowledge of security concepts, even those that are often covered in ASP.NET Core documentation.

About the Author

Scott Norberg is a web security specialist currently based in the Seattle, Washington area. He has more than 10 years of experience successfully delivering software products in a wide range of roles. As a security consultant, he has experience with many testing tools and techniques, including Dynamic (DAST) and Static (SAST) testing, as well as manual testing and reviewing source code. Along with the many websites he has designed and built with various versions of ASP.NET, he has performed security assessments for many more. While his language of choice is C#, he has also built websites, components, and other tools in F#, VB.NET, Python, R, Java, and Pascal. He holds several certifications, including Microsoft Certified Technology Specialist (MCTS) certifications for ASP.NET and SQL Server, and a Certified Information Systems Security Professional (CISSP) certification. He also has an MBA from Indiana University.

Product Details
ISBN: 9781484260135
ISBN-10: 1484260139
Publisher: Apress
Publication Date: December 12th, 2020
Pages: 380
Language: English