Configuring Security Headers in ASP.NET 4 and ASP.NET Core 3 Applications

by Roland Guijt

After watching this course you'll have the knowledge and skills to mitigate common browser attacks by setting HTTP headers. The code samples are in ASP.NET Core and ASP.NET for .NET Framework.

Preview this course

What you'll learn

You’ve heard about attacks like Cross Site Scripting (CSS) and click-jacking. This course, Configuring Security Headers in ASP.NET and ASP.NET Core Applications, will give you the skills needed to mitigate these kinds of attacks by turning on browser features in your ASP.NET(Core) application like Content Security Policy (CSP), Referrer Policy and Feature Policy. By the end of this course you'll not only know how to make these configurations, you'll understand how these attacks work.

Course Overview

1min

Course Overview 1m

How Security Headers Help Protect Your Application

13mins

Version Check 0m
Module Overview 1m
The Browser Is Unsafe: How HTTP Headers Can Help 4m
Adding HTTP Headers to the Response with Filters 3m
Using Middleware to Add HTTP Headers 2m
Emitting HTTP Headers Using the Web.Config and NWebSec 1m
Determining Which Security Headers Are Needed 1m
Summary 1m

Controlling the Browser to Protect Against Cross Site Scripting (XSS) and Click-Jacking Attacks

21mins

Module Overview 1m
Cross Site Scripting (XSS) Attacks 5m
The Content-Security-Policy (CSP) Header 2m
Writing a Content Security Policy 5m
Click-Jacking Attacks 3m
Controlling IFrames with CSP and the x-frame-options Header 3m
The Feature-Policy Header 2m
Summary 0m

Reducing the Attack Surface with X-Content-Type-Options, Subsource Integrity, and by Withholding Version Information

19mins

Module Overview 1m
Turning Off MIME Sniffing to Prevent XSS 3m
Secure CDN Access with the Subresource Integrity Check 4m
Preventing Leaking of URL Information with the Referrer-policy Header 6m
Controlling ASP.NET Version Headers 2m
Preventing Caching with the Cache-Control Header 2m
Summary 1m

About the author

Roland Guijt

Roland is a Microsoft MVP enjoying a constant curiosity around new techniques in software development. His focus is on all things .Net and browser technologies. As a long-time trainer, he led many courses on these topics and spoke about them at international conferences. He also travels around the globe to offer his self-developed workshops. The word that comes to mind when he thinks about software development is passion! Roland lives in The Netherlands with his wife and two boys.

See more courses by Roland Guijt

Ready to upskill? Get started

2022 Tech Forecast and
Build Better Blueprint

Prepare for shifts and trends in the industry

Configuring Security Headers in ASP.NET 4 and ASP.NET Core 3 Applications

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Solutions

Platform

Company

Resources

Support

2022 Tech Forecast and Build Better Blueprint

Prepare for shifts and trends in the industry

Configuring Security Headers in ASP.NET 4 and ASP.NET Core 3 Applications

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Solutions

Platform

Company

Resources

Support

2022 Tech Forecast and
Build Better Blueprint

Ready to skill up
your entire team?

Ready to skill up
your entire team?