Christian Wenz - ASP.NET Core Security
Here you can read online Christian Wenz - ASP.NET Core Security full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2022, publisher: Manning, genre: Computer. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:
Romance novel
Science fiction
Adventure
Detective
Science
History
Home and family
Prose
Art
Politics
Computer
Non-fiction
Religion
Business
Children
Humor
Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.
- Book:ASP.NET Core Security
- Author:
- Publisher:Manning
- Genre:
- Year:2022
- Rating:5 / 5
- Favourites:Add to favourites
- Your mark:
ASP.NET Core Security: summary, description and annotation
We offer to read an annotation, description, summary or preface (depends on what the author of the book "ASP.NET Core Security" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.
In ASP.NET Core Security, you will learn how to:
Understand and recognize common web app attacks
Implement attack countermeasures
Use testing and scanning tools and libraries
Activate built-in browser security features from ASP.NET
Take advantage of .NET and ASP.NET Core security APIs
Manage passwords to minimize damage from a data leak
Securely store application secrets
ASP.NET Core Security teaches you the skills and countermeasures you need to keep your ASP.NET Core apps secure from the most common web application attacks. With this collection of practical techniques, you will be able to anticipate risks and introduce practices like testing as regular security checkups. Youll be fascinated as the author explores real-world security breaches, including rogue Firefox extensions and Adobe password thefts. The examples present universal security best practices with a sharp focus on the unique needs of ASP.NET Core applications.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the technology
Your ASP.NET Core applications are under attack now. Are you ready? Th ere are specific countermeasures you can apply to keep your company out of the headlines. This book demonstrates exactly how to secure ASP.NET Core web applications, including safe browser interactions, recognizing common threats, and deploying the frameworks unique security APIs.
About the book
ASP.NET Core Security is a realistic guide to securing your web applications. It starts on the dark side, exploring case studies of cross-site scripting, SQL injection, and other weapons used by hackers. As you go, youll learn how to implement countermeasures, activate browser security features, minimize attack damage, and securely store application secrets. Detailed ASP.NET Core code samples in C# show you how each technique looks in practice.
Whats inside
Understand and recognize common web app attacks
Testing tools, helper libraries, and scanning tools
Activate built-in browser security features
Take advantage of .NET and ASP.NET Core security APIs
Manage passwords to minimize damage from a data leak
About the reader
For experienced ASP.NET Core web developers.
About the author
Christian Wenz is a web pioneer, consultant, and entrepreneur.
Table of Contents
PART 1 FIRST STEPS
1 On web application security
PART 2 MITIGATING COMMON ATTACKS
2 Cross-site scripting (XSS)
3 Attacking session management
4 Cross-site request forgery
5 Unvalidated data
6 SQL injection (and other injections)
PART 3 SECURE DATA STORAGE
7 Storing secrets
8 Handling passwords
PART 4 CONFIGURATION
9 HTTP headers
10 Error handling
11 Logging and health checks
PART 5 AUTHENTICATION AND AUTHORIZATION
12 Securing web applications with ASP.NET Core Identity
13 Securing APIs and single page applications
PART 6 SECURITY AS A PROCESS
14 Secure dependencies
15 Audit tools
16 OWASP Top 10
Christian Wenz: author's other books
Who wrote ASP.NET Core Security? Find out the surname, the name of the author of the book and a list of all author's works by series.
ASP.NET Core Security — read online for free the complete book (whole text) full work
Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "ASP.NET Core Security" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.
Font size:
Interval:
Bookmark:
Christian Wenz
To comment go to liveBook
Manning
Shelter Island
For more information on this and other Manning titles go to
www.manning.com
For online information and ordering of these and other Manning books, please visit www.manning.com. The publisher offers discounts on these books when ordered in quantity.
For more information, please contact
Special Sales Department
Manning Publications Co.
20 Baldwin Road
PO Box 761
Shelter Island, NY 11964
Email: orders@manning.com
2022 by Manning Publications Co. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps.
Recognizing the importance of preserving what has been written, it is Mannings policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine.
| Manning Publications Co. 20 Baldwin Road Technical PO Box 761 Shelter Island, NY 11964 |
Development editor: | Doug Rudder |
Technical development editor: | Ben McNamara |
Review editor: | Adriana Sabo |
Production editor: | Andy Marinkovich |
Copy editor: | Carrie Andrews |
Proofreader: | Melody Dolab |
Technical proofreader: | Srihari Sridharan |
Typesetter and cover designer: | Marija Tudor |
ISBN: 9781633439986
To HMS.
I still remember the first time I was exposed to the topic of web application security, although I did not realize the impact at that time. Back around 1997, I was creating web applications (or, rather, websites, back then), but hosting services were really expensive. For one of my projects, the only option I could afford was one where I was allowed to create just one page (!), and I had to use the hosting providers tooling for thatno custom HTML or CSS was possible. I had plenty of free space available on a free hosting service but could not use my own domain there; rather, I used something like http://home.someprovider.com/mysite .
One of the very few features available to me was to set the keywords of the page (back in the day, search engines actually parsed that information). If I was using web application security, hacking, for instance, this would be turned into the following HTML markup:
After some experimenting, I found that I could try the following keyword:
"><"It turned out that the provider was putting this data verbatim into the
tag, leading to this result (formatted for legibility, with my input in bold):<"">So I injected another
tag that redirected the browser to my actual site, hosted for free somewhere else.It took a while until I understood the implications of what I had foundit was possible to inject arbitrary content on that page. My attack was harmless, but it would also have been possible to add other, more malicious markup. This sparked my interest in web application security, and I havent looked back since. I have audited countless web applications, worked with customers before or after an audit, taught developers to write secure web applications, spoken at conferences on three continents about web application security, and tried my best to make the applications I was responsible for as safe as possible. In 2004, I was awarded a Microsoft MVP (Most Valuable Professional) award for ASP.NET for the first time, and Ive followed security APIs, gotchas, and concerns in that framework very closely over the years.
I had considered writing a book on the experience and knowledge I have gained over the last 25 years, but the timing was never right. In mid-2021, it suddenly was, and I started a monthslong journey to condense everything I know and consider important into the book you are about to read.
In my experience, just knowing countermeasures against certain threats is not good enough. Developers need to understand how attacks workits easier to defend against things you have already seen. Thats why many of the chapters will first show the attack and then explain how to prevent it. Apart from making the content more accessible that way, its also funwe see how things can be broken and call this work!
As the title suggests, ASP.NET Core Security is based on ASP.NET Core, which includes both Razor Pages and ASP.NET Core MVC. The book also covers Microsofts third web application framework, Blazor, where its feasible. All the examples in the book use C# and are based on .NET 6 (and are expected to still be valid for many versions to come).
Many people who were involved in getting this book ready for you to enjoy are mentioned on the copyright page (rightfully so!), and there are many others who helped and contributed along the way.
I am indebted to the roster of reviewers who provided useful comments at various stages of the books development, as did the readers of the Manning Early Access Program (MEAP) edition. To all the reviewers, Al Pezewski, Billy Miguel Vanegas, Daniel Vsquez, Darren Gillis, David Paccoud, Dennis Hayes Djordje, Dorogoy Dmitry Sergevich, Doyle Turner, Emmanouil Chardalas, Guy Langston, Harry Polder, Jedidja Bourgeois, Joe Cuevas, Jose Luis Perez, Marcin Sk, Marek Petak, Markus Wolff, Matthew Harvell, Michael Holmes, Milos Todorovic, Nick McGinness, Nik Rimington, Onofrei George, Paul Brown, Richard Vaughan, Ron Lease, Samuel Bosch, Stanley Anozie, Sumit K. Singh, Tom Gueth, Viorel-Marian Moisei, and Wayne Mather, thank you for your input and for helping to improve this book.
Several trusted colleagues and friends also gave invaluable feedback and made the book so much better. Thank you all for your insights and support!
Special thanks to Doug Rudder, my developmental editor, who not only kept the project on track, but also caught me every time I cut corners, further improving the book.
The title of the book says it all: it covers security for ASP.NET Core applications, so it details various threats and risks for web applications based on Microsofts .NET technology. I believe in the show, dont tell principle, so you will see not only APIs and countermeasures, but also how an attack takes place. Real-world incidents will serve as the basis for many of the chapters.
Font size:
Interval:
Bookmark:
Similar books «ASP.NET Core Security»
Look at similar books to ASP.NET Core Security. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.
Discussion, reviews of the book ASP.NET Core Security and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.