ASP.NET Core 5 Secure Coding Cookbook: Practical Recipes for Tackling Vulnerabilities in Your ASP.NET Web Applications.
Main Author: | |
---|---|
Other Authors: | |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham : Packt Publishing, Limited, 2021. |
Subjects: | |
Online Access: | Full text (Emmanuel users only) |
Table of Contents:
- Cover
- Copyright
- Foreword
- Contributors
- Table of Contents
- Preface
- Chapter 1: Secure Coding Fundamentals
- Technical requirements
- Input validation
- Enabling whitelist validation using validation attributes
- Getting ready
- How to do it...
- How it works...
- Whitelist validation using the FluentValidation library
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also...
- Syntactic and semantic validation
- Creating a custom validation attribute to implement semantic validation
- Getting ready
- How to do it...
- How it works...
- Input sanitization
- Getting ready
- How to do it...
- How it works...
- Input sanitization using the HTMLSanitizer library
- Getting ready
- How to do it...
- How it works...
- Output encoding
- Output encoding using HtmlEncoder
- Getting ready
- How to do it...
- How it works...
- Output encoding using UrlEncoder
- Getting ready
- How to do it...
- How it works...
- Output encoding using JavascriptEncoder
- Getting ready
- How to do it...
- How it works...
- Protecting sensitive data using the Data Protection API
- Getting ready
- How to do it...
- How it works...
- See also
- Chapter 2: Injection Flaws
- Technical requirements
- What is SQL injection?
- Fixing SQL injection with Entity Framework
- Getting ready
- How to do it...
- How it works...
- There's more...
- Fixing SQL injection in ADO.NET
- Getting ready
- How to do it...
- How it works...
- There's more...
- Fixing NoSQL injection
- Getting ready
- How to do it...
- How it works...
- There's more...
- Fixing command injection
- Getting ready
- How to do it...
- How it works...
- There's more...
- Fixing LDAP injection
- Getting ready
- How to do it...
- How it works...
- Fixing XPath injection
- Getting ready
- How to do it...
- How it works...
- There's more...
- Chapter 3: Broken Authentication
- Technical requirements
- Fixing the incorrect restrictions of excessive authentication attempts
- Getting ready
- How to do it...
- How it works...
- There's more...
- Fixing insufficiently protected credentials
- Getting ready
- How to do it...
- How it works...
- Fixing user enumeration
- Getting ready
- How to do it...
- How it works...
- Fixing weak password requirements
- Getting ready
- How to do it...
- How it works...
- Fixing insufficient session expiration
- Getting ready
- How to do it...
- How it works...
- Chapter 4: Sensitive Data Exposure
- Technical requirements
- Fixing insufficient protection of data in transit
- Getting ready
- How to do it...
- How it works...
- Fix missing HSTS headers
- Getting ready
- How to do it...
- How it works...
- There's more...
- Fixing weak protocols
- Getting ready
- How to do it...
- How it works...
- Fixing hardcoded cryptographic keys
- Getting ready
- How to do it...
- How it works...
- There's more...
- Disabling caching for critical web pages
- Getting ready
- How to do it...
- How it works...