ASP.NET Core 5 Secure Coding Cookbook: Practical recipes for tackling vulnerabilities in your ASP.NET web applications

Roman Canlas

Product Description

Key Features

  • Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them
  • Understand what code makes an ASP.NET Core web app unsafe
  • Build your secure coding knowledge by following straightforward recipes

Book Description

ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests.

In ASP.NET Secure Coding Cookbook, you'll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you'll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You'll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code.

By the end of this book, you'll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you'll have gained hands-on experience in removing vulnerabilities and security defects from your code.

What you will learn

  • Understand techniques for squashing an ASP.NET Core web app security bug
  • Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited
  • Fix security issues in code relating to broken authentication and authorization
  • Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques
  • Prevent security misconfiguration by enabling ASP.NET Core web application security features
  • Explore other ASP.NET web application vulnerabilities and secure coding best practices

Who this book is for

This ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.

About the Author

Roman Canlas is a Senior Application Security Engineer working at a Fortune 500 company, where he successfully established its global Application Security program from the ground up. His years of experience as a developer led him to become an expert in secure code reviews and static application security testing, focusing on web technologies.

Roman held multiple certifications: the GIAC Web Application Penetration Tester (GWAPT), ISC2’s Certified Secure Software Lifecycle Professional (CSSLP), and EC-Council’s Certified Application Security Engineer in .NET (CASE.NET).

Roman also has a Master’s degree in Information Systems and a Bachelor’s in Computer Science.

Table of Contents

  1. Secure Coding Fundamentals
  2. Injection Flaws
  3. Broken Authentication
  4. Sensitive Data Exposure
  5. XML External Entities
  6. Broken Access Control
  7. Security Misconfiguration
  8. Cross-Site Scripting
  9. Insecure Deserialization
  10. Using Components with Known Vulnerabilities
  11. Insufficient Logging and Monitoring
  12. Miscellaneous Vulnerabilities
  13. Best Practices
