ASP.NET Core Security, 1st Edition, by Christian Wenz
Product details:
ISBN 10: 1633439984
ISBN 13: 9781633439986
Author: Christian Wenz
ASP.NET Core Security, 1st Edition: Table of contents
Part 1 First steps
1 On web application security
1.1 ASP.NET Core: History and options
1.1.1 ASP.NET Core version history
1.1.2 MVC
1.1.3 Razor Pages
1.1.4 Web API
1.1.5 Blazor
1.2 Identifying and mitigating threats
1.2.1 Web application components
1.2.2 Defense in depth
1.3 Security-related APIs
1.4 Security is important
Summary
Part 2 Mitigating common attacks
2 Cross-site scripting (XSS)
2.1 Anatomy of a cross-site scripting attack
2.2 Preventing cross-site scripting
2.2.1 Understanding the same-origin policy
2.2.2 Escaping HTML
2.2.3 Escaping in a different context
2.3 Content Security Policy
2.3.1 Sample application
2.3.2 How Content Security Policy works
2.3.3 Refactoring applications for Content Security Policy
2.3.4 Content Security Policy best practices
2.3.5 Content Security Policy Level 3 features
2.4 More browser safeguards
Summary
3 Attacking session management
3.1 Anatomy of a session management attack
3.1.1 Stealing session cookies
3.1.2 Cookies and session management
3.2 ASP.NET Core cookie and session settings
3.3 Enforcing HTTPS
3.4 Detecting session hijacking
Summary
4 Cross-site request forgery
4.1 Anatomy of a cross-site request forgery attack
4.2 Cross-site request forgery countermeasures
4.2.1 Making the HTTP request unpredictable
4.2.2 Securing the session cookie
4.3 Clickjacking
4.4 Cross-origin resource sharing
Summary
5 Unvalidated data
5.1 Looking at HTTP
5.2 ASP.NET Core validation
5.3 Mass assignment
5.4 Secure deserialization
Summary
6 SQL injection (and other injections)
6.1 Anatomy of an SQL injection attack
6.2 Prepared statements
6.3 Entity Framework Core
6.4 XML external entities
6.5 Other injections
Summary
Part 3 Secure data storage
7 Storing secrets
7.1 On encryption
7.2 Secret Manager
7.3 The appsettings.json file
7.4 Storing secrets in the cloud
7.4.1 Storing secrets in Azure
7.4.2 Storing secrets in AWS
7.4.3 Storing secrets in Google Cloud
7.5 Using the data protection API
7.6 Storing secrets locally with Blazor
Summary
8 Handling passwords
8.1 From data leak to password theft
8.2 Implementing password hashing
8.2.1 MD5 (and why not to use it)
8.2.2 PBKDF2
8.2.3 Argon2
8.2.4 scrypt
8.2.5 bcrypt
8.3 Analyzing ASP.NET Core templates
Summary
Part 4 Configuration
9 HTTP headers
9.1 Hiding server information
9.2 Browser security headers
9.2.1 Referrer Policy
9.2.2 Feature and permissions policy
9.2.3 Preventing content sniffing
9.2.4 Cross-origin policies
9.2.5 Further headers
Summary
10 Error handling
10.1 Error pages for web applications
10.1.1 Custom error pages
10.1.2 Status code error pages
10.2 Handling errors in APIs
Summary
11 Logging and health checks
11.1 Health checks
11.1.1 Health check setup
11.1.2 Advanced health checks
11.1.3 Formatting the output
11.1.4 Health checks UI
11.2 Logging
11.2.1 Creating log entries
11.2.2 Log levels
11.2.3 Log scopes
Summary
Part 5 Authentication and authorization
12 Securing web applications with ASP.NET Core Identity
12.1 ASP.NET Core Identity setup
12.2 ASP.NET Core Identity fundamentals
12.3 Advanced ASP.NET Core Identity features
12.3.1 Password options
12.3.2 Cookie options
12.3.3 Locking out users
12.3.4 Working with claims
12.3.5 Two-factor authentication
12.3.6 Authenticating with external providers
Summary
13 Securing APIs and single page applications
13.1 Securing APIs with tokens
13.2 OAuth and OpenID Connect
13.2.1 OAuth vs. OpenID Connect
13.2.2 OAuth flows
13.3 Securing applications
13.3.1 Third-party tools
13.3.2 Client credentials
13.3.3 Authorization code + PKCE
13.3.4 SPAs and BFF
Summary
Part 6 Security as a process
14 Secure dependencies
14.1 Using npm audit
14.2 Keeping NuGet dependencies up-to-date
Summary
15 Audit tools
15.1 Finding vulnerabilities
15.2 OWASP ZAP
15.3 Security Code Scan
15.4 GitHub Advanced Security
Summary
16 OWASP Top 10
16.1 OWASP Top 10
16.1.1 Top 10 creation process
16.1.2 #1: Broken access control
16.1.3 #2: Cryptographic failures
16.1.4 #3: Injection
16.1.5 #4: Insecure design
16.1.6 #5: Security misconfiguration
16.1.7 #6: Vulnerable and outdated components
16.1.8 #7: Identification and authentication failures
16.1.9 #8: Software and data integrity failures
16.1.10 #9: Security logging and monitoring failures
16.1.11 #10: Server-side request forgery
16.2 OWASP API Top 10
16.3 Other lists
Summary
Index