Advanced ASP.NET Core 3 Security - Scott Norberg

Advanced ASP.NET Core 3 Security (eBook)

Understanding Hacks, Attacks, and Vulnerabilities to Secure Your Website

(Autor)

eBook Download: PDF
2020 | First Edition
XX, 405 Seiten
Apress (Verlag)
978-1-4842-6014-2 (ISBN)
Systemvoraussetzungen
62,99 inkl. MwSt
  • Download sofort lieferbar
  • Zahlungsarten anzeigen

Incorporate security best practices into ASP.NET Core. This book covers security-related features available within the framework, explains where these feature may fall short, and delves into security topics rarely covered elsewhere. Get ready to dive deep into ASP.NET Core 3.1 source code, clarifying how particular features work and addressing how to fix problems. 

For straightforward use cases, the ASP.NET Core framework does a good job in preventing certain types of attacks from happening. But for some types of attacks, or situations that are not straightforward, there is very little guidance available on how to safely implement solutions. And worse, there is a lot of bad advice online on how to implement functionality, be it encrypting unsafely hard-coded parameters that need to be generated at runtime, or articles which advocate for certain solutions that are vulnerable to obvious injection attacks. Even more concerning is the functions in ASP.NET Core that are not as secure as they should be by default.

Advanced ASP.NET Core 3 Security is designed to train developers to avoid these problems. Unlike the vast majority of security books that are targeted to network administrators, system administrators, or managers, this book is targeted specifically to ASP.NET developers. Author Scott Norberg begins by teaching developers how ASP.NET Core works behind the scenes by going directly into the framework's source code. Then he talks about how various attacks are performed using the very tools that penetration testers would use to hack into an application. He shows developers how to prevent these attacks. Finally, he covers the concepts developers need to know to do some testing on their own, without the help of a security professional.


What You Will Learn

  • Discern which attacks are easy to prevent, and which are more challenging, in the framework
  • Dig into ASP.NET Core 3.1 source code to understand how the security services work
  • Establish a baseline for understanding how to design more secure software
  • Properly apply cryptography in software development
  • Take a deep dive into web security concepts
  • Validate input in a way that allows legitimate traffic but blocks malicious traffic
  • Understand parameterized queries and why they are so important to ASP.NET Core
  • Fix issues in a well-implemented solution
  • Know how the new logging system in ASP.NET Core falls short of security needs
  • Incorporate security into your software development process


Who This Book Is For

Software developers who have experience creating websites in ASP.NET and want to know how to make their websites secure from hackers and security professionals who work with a development team that uses ASP.NET Core. A basic understanding of web technologies such as HTML, JavaScript, and CSS is assumed, as is knowledge of how to create a website, and how to read and write C#. You do not need knowledge of security concepts, even those that are often covered in ASP.NET Core documentation.



Scott Norberg is a web security specialist with almost 15 years of experience in various technology and programming roles, focusing on developing and securing websites built with ASP.NET. As a security consultant, he specializes on blue team (defensive) techniques such as Dynamic Application Security Testing (DAST), code reviews, and manual penetration testing. He also has an interest in building plug-and-play software libraries that developers can use to secure their sites with little-to-no extra effort. As a developer, Scott has primarily built websites with C# and various versions of ASP.NET, and he has also built several tools and components using F#, VB.NET, Python, R, Java, and Pascal.

Scott holds several certifications, including Microsoft Certified Technology Specialist (MCTS), certifications for ASP.NET and SQL Server, and a Certified Information Systems Security Professional (CISSP) certification. He also has an MBA from Indiana University.

Scott is currently working as a contractor and consultant through his business, Norberg Consulting Group, LLC. You can see his latest ideas and projects at scottnorberg.com.


Incorporate security best practices into ASP.NET Core. This book covers security-related features available within the framework, explains where these feature may fall short, and delves into security topics rarely covered elsewhere. Get ready to dive deep into ASP.NET Core 3.1 source code, clarifying how particular features work and addressing how to fix problems. For straightforward use cases, the ASP.NET Core framework does a good job in preventing certain types of attacks from happening. But for some types of attacks, or situations that are not straightforward, there is very little guidance available on how to safely implement solutions. And worse, there is a lot of bad advice online on how to implement functionality, be it encrypting unsafely hard-coded parameters that need to be generated at runtime, or articles which advocate for certain solutions that are vulnerable to obvious injection attacks. Even more concerning is the functions in ASP.NET Core that are not as secure as they should be by default.Advanced ASP.NET Core 3 Security is designed to train developers to avoid these problems. Unlike the vast majority of security books that are targeted to network administrators, system administrators, or managers, this book is targeted specifically to ASP.NET developers. Author Scott Norberg begins by teaching developers how ASP.NET Core works behind the scenes by going directly into the framework's source code. Then he talks about how various attacks are performed using the very tools that penetration testers would use to hack into an application. He shows developers how to prevent these attacks. Finally, he covers the concepts developers need to know to do some testing on their own, without the help of a security professional.   What You Will LearnDiscern which attacks are easy to prevent, and which are more challenging, in the frameworkDig into ASP.NET Core 3.1 source code to understand how the security services workEstablish a baseline for understanding how to design more secure softwareProperly apply cryptography in software developmentTake a deep dive into web security conceptsValidate input in a way that allows legitimate traffic but blocks malicious traffic Understand parameterized queries and why they are so important to ASP.NET CoreFix issues in a well-implemented solution Know how the new logging system in ASP.NET Core falls short of security needsIncorporate security into your software development processWho This Book Is ForSoftware developers who have experience creating websites in ASP.NET and want to know how to make their websites secure from hackers and security professionals who work with a development team that uses ASP.NET Core. A basic understanding of web technologies such as HTML, JavaScript, and CSS is assumed, as is knowledge of how to create a website, and how to read and write C#. You do not need knowledge of security concepts, even those that are often covered in ASP.NET Core documentation.
Erscheint lt. Verlag 10.10.2020
Zusatzinfo XX, 405 p. 30 illus.
Sprache englisch
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Software Entwicklung
Schlagworte ASP.NET • ASP.NET Core • ASP.NET Core 3.1 • ASP.NET Security • C# programming • cryptography • Hacking .NET • Microsoft • .NET Security • Secure a website • Secure coding
ISBN-10 1-4842-6014-7 / 1484260147
ISBN-13 978-1-4842-6014-2 / 9781484260142
Haben Sie eine Frage zum Produkt?
PDFPDF (Wasserzeichen)
Größe: 5,8 MB

DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasser­zeichen und ist damit für Sie persona­lisiert. Bei einer missbräuch­lichen Weiter­gabe des eBooks an Dritte ist eine Rück­ver­folgung an die Quelle möglich.

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seiten­layout eignet sich die PDF besonders für Fach­bücher mit Spalten, Tabellen und Abbild­ungen. Eine PDF kann auf fast allen Geräten ange­zeigt werden, ist aber für kleine Displays (Smart­phone, eReader) nur einge­schränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Print-Ausgabe
Buch | Softcover
64,19 €
Mehr entdecken
aus dem Bereich
Cyber Crisis Management - Holger Kaschner
Cyber Crisis Management
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation

von Holger Kaschner

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
34,99
Modernes IT-Management - Markus Mangiapane; Roman P. Büchler
Modernes IT-Management
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Vieweg (Verlag)
42,99
auf Facebook teilen
bei Twitter
Link zu dieser Seite kopieren