Configuring Security Headers in ASP.NET and ASP.NET Core Applications

By Roland Guijt
After watching this course you'll have the knowledge and skills to mitigate common browser attacks by setting HTTP headers. The code samples are in ASP.NET Core and ASP.NET for .NET Framework.
Play course overview
Course info
Level
Intermediate
Updated
Sep 30, 2019
Duration
52m
Table of contents
Course Overview
Course Overview 1m
How Security Headers Help Protect Your Application
Module Overview 1m The Browser Is Unsafe: How HTTP Headers Can Help 4m Adding HTTP Headers to the Response with Filters 3m Using Middleware to Add HTTP Headers 2m Emitting HTTP Headers Using the Web.Config and NWebSec 1m Determining Which Security Headers Are Needed 1m Summary 1m
Controlling the Browser to Protect Against Cross Site Scripting (XSS) and Click-Jacking Attacks
Module Overview 1m Cross Site Scripting (XSS) Attacks 5m The Content-Security-Policy (CSP) Header 2m Writing a Content Security Policy 5m Click-Jacking Attacks 3m Controlling IFrames with CSP and the x-frame-options Header 3m The Feature-Policy Header 2m Summary 0m
Reducing the Attack Surface with X-Content-Type-Options, Subsource Integrity, and by Withholding Version Information
Module Overview 1m Turning Off MIME Sniffing to Prevent XSS 3m Secure CDN Access with the Subresource Integrity Check 4m Preventing Leaking of URL Information with the Referrer-policy Header 6m Controlling ASP.NET Version Headers 2m Preventing Caching with the Cache-Control Header 2m Summary 1m
Description
Course info
Level
Intermediate
Updated
Sep 30, 2019
Duration
52m
Description

You’ve heard about attacks like Cross Site Scripting (CSS) and click-jacking. This course, Configuring Security Headers in ASP.NET and ASP.NET Core Applications, will give you the skills needed to mitigate these kinds of attacks by turning on browser features in your ASP.NET(Core) application like Content Security Policy (CSP), Referrer Policy and Feature Policy. By the end of this course you'll not only know how to make these configurations, you'll understand how these attacks work.

About the author
Roland Guijt
About the author

Roland is a Microsoft MVP enjoying a constant curiosity around new techniques in software development. His focus is on all things .Net and browser technologies.

More from the author
Creating Blazor Components
Intermediate
1h 21m
Dec 23, 2019
Understanding ASP.NET Core 3.x
Beginner
2h 58m
Aug 20, 2019
More courses by Roland Guijt
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
(Music) Hi everyone. My name is Roland Guijt, and welcome to my course, Configuring Security Headers in ASP.NET and ASP.NET Core Applications. I'm a Microsoft MVP and independent consultant and trainer based in The Netherlands. I have some bad and some good news for you. The bad is that browsers are unsafe by default. The good is that the browser itself can solve that problem for the most part by using security headers. And that's what this course is about. Some of the major topics we will cover include how HTTP headers can be set in both ASP.NET and ASP.NET Core applications, protecting against cross-site scripting and clickjacking attacks using headers, controlling referrer information, and minimizing exposure of sensitive data. By the end of this course, you are able to effectively protect the browser side of your application against the most common attacks. Before beginning the course, you should be familiar with either ASP.NET Core or ASP.NET for .NET Framework. So get ready to invest a little time to protect your application with my course, Configuring Security Headers in ASP.NET and ASP.NET Core Applications, at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT