Course

Skills

Secure Coding in ASP.NET Core

ASP.NET Core is used to build mission critical applications handling sensitive data. This course will teach you how to implement the most common security requirements and defenses recommended by OWASP in your ASP.NET Core applications.

What you'll learn

Developers use ASP.NET Core to build applications with stringent security requirements and rely on OWASP resources to learn how to do it. In this course, Secure Coding in ASP.NET Core, you’ll learn to create more secure Web apps on the .NET platform using OWASP resources. First, you’ll explore authentication and authorization. Next, you’ll discover how to securely handle input and output data. Finally, you’ll learn how to protect sensitive data and harden your application. When you’re finished with this course, you’ll have the skills and knowledge of ASP.NET Core secure coding techniques needed to protect your users and applications.

Course Overview

1min

Course Overview 2m

Secure Coding with OWASP Resources

19mins

Introduction to OWASP 5m
OWASP ASVS 6m
OWASP ASVS: Architecture 8m

Authentication

26mins

ASP.NET Core Identity 5m
Demo: Implement User Authentication 6m
Password Hashing 4m
Demo: Password Strength Policy 2m
Demo: Sign-up and Account Confirmation 3m
Demo: Password Reset 1m
Demo: Two-factor Authentication 4m
Demo: Rate Limiting Failed Logins 2m

Session Management

18mins

ASP.NET Core Sessions 5m
Demo: Cookie-based Session Parameters 5m
Demo: Step-up Authentication 4m
Demo: Logout 4m

Access Control

24mins

ASP.NET Core Authorization 7m
Demo: Role-based Access Control 4m
Demo: Claims-based Access Control 5m
Demo: Rendering UI Based on Level of Access 3m
Preventing Cross-site Request Forgery (CSRF) Attacks 6m

Securely Handling Input and Output Data

42mins

Input Validation 6m
Demo: Input Validation 6m
Demo: Redirect URL Validation 2m
Encoding Output Data 3m
Demo: Invoking Encoders in Code 3m
Injection Attacks 8m
Demo: Prevent SQL Injection Attacks with Entity Framework Core and ADO.NET 3m
Demo: Prevent Operating System (OS) Command Injection 2m
Insecure Deserialization 5m
Demo: Prevent XML External Entity (XXE) Aattack 4m

Protecting Sensitive Data

46mins

ASP.NET Core Data Protection 8m
Demo: Encrypt and Decrypt Sensitive Data 3m
Demo: Secrets Management 6m
Protecting Data in the Browser 8m
Demo: Send Sensitive Data in HTTP Request Body 3m
Demo: Prevent Data from Being Cached in the Browser 3m
Data Privacy 4m
Demo: Implement Export and Deletion of Personal Data 4m
Protecting Data in Transit 2m
Demo: Enforce Use of HTTPS Protocol 3m
Demo: Secure TLS Configuration for Outbound Network Connections 3m

Secure Error Handling and Logging

16mins

ASP.NET Core Logging and Exception Handling 7m
Demo: Redact Sensitive Information Before Logging 3m
Demo: Log Relevant Security Events 4m
Demo: Prevent Leaking Sensitive Information through Error Pages 2m

Managing Vulnerable Dependencies

13mins

Risks from Dependencies 5m
Demo: NuGet Packages 3m
Demo: Find Vulnerable and Deprecated Dependencies 2m
Demo: Generate Sub-Resource Integrity (SRI) Hashes for JavaScript 4m

Protecting the Business Logic

16mins

Business Logic Flaws 6m
Demo: Protecting Business Logic Integrity 3m
Demo: Protecting Business Logic Flows 4m
Demo: Implement Rate Limiting 3m

Handling Untrusted Files

21mins

Handling Files in ASP.NET Core 7m
Demo: Prevent Large File Upload 2m
Demo: Scan Uploaded Files for Viruses and Malware 3m
Demo: Securely Store Uploaded Files 4m
Preventing Server-side Request Forgery (SSRF) Attacks 2m
Demo: Prevent SSRF Attacks 3m

Hardening Configuration

12mins

Hardening ASP.NET Core Applications 3m
Demo: Disable Debugging Facilities 2m
Demo: Hide System Component Information 2m
Demo: Validate HTTP Request Headers 2m
Demo: Set HTTP Security Headers in Responses 3m

API Security

18mins

Web Application Security Versus API Security 7m
Demo: Using Bearer Tokens 5m
Demo: Implementing CORS 3m
Course Summary 2m

About the author

Gavin Johnson-Lynn

Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and now often finds those skills useful when developing with Python. Gavin's experience of software security revealed a passion for security, leading him to become a speaker a... more

See more courses by Gavin Johnson-Lynn

Ready to upskill? Get started

Contact Sales

Secure Coding in ASP.NET Core

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

Secure Coding in ASP.NET Core

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?