Using Security Analysis Tools to Protect ASP.NET 3 and ASP.NET Core 3 Applications
Improve the security of your ASP.NET (Core or Framework) web applications by scanning both the code you write and the packages you use in those applications. Even better, include those scans in automated build pipelines!
What you'll learn
Scanning your custom web application code for common vulnerabilities and scanning the packages that your applications reference can improve the security of your ASP.NET (Core and Framework) web applications. In this course, Using Security Analysis Tools to Protect ASP.NET and ASP.NET Core Applications, you will learn foundational knowledge of/gain the ability to add these types of scans both into your development setup, and automated build pipelines. First, you will learn static code analysis and how to get a security-focused static code analyzer to scan your application code. Next, you will discover package vulnerability scanning, which will analyze the packages your application relies on against a database of known vulnerabilities. Finally, you will explore how to incorporate both of these types of scan into automated build pipelines. When you’re finished with this course, you will have the skills and knowledge of security application scanning needed to improve the overall security of your ASP.NET and ASP.NET Core web applications.
Table of contents
- Version Check 0m
- Application Security in Context 3m
- Module Overview and Justification 2m
- Which Vulnerabilities Can Be Detected? 2m
- Options for Static Code Analysis 2m
- Demo: Setting up Security Code Scanning 4m
- Demo: Suppressing False Positives 2m
- Demo: Deep Scans and SQL Injection 2m
- Demo: WebGoat.NET Framework Project and Web.Config Files 3m
- Summary 1m
- Introduction and Module Overview 1m
- Libraries and Frameworks in Context 2m
- OWASP, NIST, and the NVD 2m
- Classifying Vulnerabilities 5m
- Options for Package Vulnerability Scanning 2m
- Scanning NuGet Packages with NuGetDefense 5m
- Configuration Options with NuGetDefense 4m
- Scanning JavaScript Packages with npm audit 3m
- Summary 1m
- Overview 1m
- Continuous Integration Defined 1m
- Demo Overview and Azure DevOps Repo Creation 4m
- Demo: Azure DevOps Build Pipeline 2m
- Demo: Azure DevOps Continuous Integration and Build Results 3m
- Demo: Adding npm audit to an Azure DevOps Pipeline 4m
- Demo: ASP.NET Core Azure DevOps Pipeline with YAML 2m
- Demo: Setting up a GitHub Action (ASP.NET Framework) 4m
- Demo: Adding npm Steps to a GitHub Action 3m
- Demo: ASP.NET Core GitHub Actions 3m
- Practical Implications for Build Pipelines 2m
- Summary and Send-off 1m
About the author
Erik Dahl has been developing software and architecture for 20+ years, mostly doing in-house development for his employers. His recent work has included a multi-tenant B2B implementation and self-registration B2C implementation for Duende IdentityServer, upgrading legacy ASP.NET websites from server-side technologies to a client/server mix and adopting TypeScript, building Web APIs as the back end for mobile and web applications, and finding ways to modernize existing applications and make them ... more