Configuring Security Headers in ASP.NET and ASP.NET Core Applications

By Roland Guijt
After watching this course you'll have the knowledge and skills to mitigate common browser attacks by setting HTTP headers. The code samples are in ASP.NET Core and ASP.NET for .NET Framework.
Play course overview
Course info
Level
Intermediate
Updated
Sep 30, 2019
Duration
52m
Table of contents
Course Overview
Course Overview 1m
How Security Headers Help Protect Your Application
Module Overview 1m The Browser Is Unsafe: How HTTP Headers Can Help 4m Adding HTTP Headers to the Response with Filters 3m Using Middleware to Add HTTP Headers 2m Emitting HTTP Headers Using the Web.Config and NWebSec 1m Determining Which Security Headers Are Needed 1m Summary 1m
Controlling the Browser to Protect Against Cross Site Scripting (XSS) and Click-Jacking Attacks
Module Overview 1m Cross Site Scripting (XSS) Attacks 5m The Content-Security-Policy (CSP) Header 2m Writing a Content Security Policy 5m Click-Jacking Attacks 3m Controlling IFrames with CSP and the x-frame-options Header 3m The Feature-Policy Header 2m Summary 0m
Reducing the Attack Surface with X-Content-Type-Options, Subsource Integrity, and by Withholding Version Information
Module Overview 1m Turning Off MIME Sniffing to Prevent XSS 3m Secure CDN Access with the Subresource Integrity Check 4m Preventing Leaking of URL Information with the Referrer-policy Header 6m Controlling ASP.NET Version Headers 2m Preventing Caching with the Cache-Control Header 2m Summary 1m
Description
Course info
Level
Intermediate
Updated
Sep 30, 2019
Duration
52m
Description

You’ve heard about attacks like Cross Site Scripting (CSS) and click-jacking. This course, Configuring Security Headers in ASP.NET and ASP.NET Core Applications, will give you the skills needed to mitigate these kinds of attacks by turning on browser features in your ASP.NET(Core) application like Content Security Policy (CSP), Referrer Policy and Feature Policy. By the end of this course you'll not only know how to make these configurations, you'll understand how these attacks work.

About the author
Roland Guijt
About the author

Roland is a Microsoft MVP enjoying a constant curiosity around new techniques in software development. His focus is on all things .Net and browser technologies.

More from the author
Understanding ASP.NET Core 3.x
Beginner
2h 58m
Aug 20, 2019
Getting Started with ASP.NET SignalR
Beginner
1h 2m
May 16, 2019
More courses by Roland Guijt
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Roland Martin. Welcome to my course, configuring security headers in a Speedo net and a Speedo Net score applications. I'm a Microsoft M v p. An independent consultant and trainer based in the Netherlands. I have some bad as some good news for you. The bad days that browsers are unsafe by default, the goodies that the browser itself console the problem for the most part by using security headers, and that's what its course is about. So if the major topics we will cover include how, http headers can be set in both a spiel net and a spear in its core applications, protecting against cross site scripting and click jacking attacks using Harris controlling refer information and minimizing exposure off sensitive data. By the end of this course, you are able to effectively protect the browser sight of your application against the most common attacks. Before beginning the course, you should be familiar with either a year Spiegel net core or a hospital net for don't know framework. So get ready to invest a little time to protect your application with my course. Configuring security had us in a Speedo bet on a speed of Death Corps applications at Little site

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT