All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Core Tech
    •

Securing ASP.NET and ASP.NET Core Applications

14 Courses
14 Hours
Skill IQ

Security is an integral part of any Web-based application. Understanding ASP.NET security will help in building secure Web applications.

ASP.NET Core enables developers to easily configure and manage security for their apps. ASP.NET Core contains features for managing authentication, authorization, data protection, HTTPS enforcement, app secrets, anti-request forgery protection, and CORS management. These security features allow you to build robust yet secure ASP.NET Core apps.

Get started

Content in this path

Beginning

ASP.NET and ASP.NET Core provide many tools and libraries for securing and authenticating your applications including build-in identity providers. This beginning section, will introduce you to some of the features which allow you to build robust yet secure applications.

Course

ASP.NET Authentication: The Big Picture

  • by Scott Brady
  • 1h 34m
  • Oct 14, 2019

Intermediate

Continue learning about the fundamentals of securing website applications built with both ASP.NET and ASP.NET Core with topics such as:

Configuring Browser Features and HTTP Headers to secure an ASP.NET or ASP.NET Core application or service. Configuring ASP.NET and ASP.NET Core Applications and Services to properly handle and report errors. How to analyze threats to your login process and recommend strategies to mitigate each threat.

Course

Implementing HTTPS in ASP.NET 4 and ASP.NET Core 3

  • by Matt Milner
  • 47m
  • Mar 18, 2022
Course

Securing Application Secrets in ASP.NET Core 3

  • by Matt Tester
  • 51m
  • Apr 20, 2022
Course

Configuring Security Headers in ASP.NET 4 and ASP.NET Core 3 Applications

  • by Roland Guijt
  • 52m
  • Jun 16, 2022
Course

Securely Handling Errors and Logging Security Events in ASP.NET 3 and ASP.NET Core 2

  • by Erik Dahl
  • 1h 3m
  • May 17, 2022
Course

Secure User Account and Authentication Practices in ASP.NET 3 and ASP.NET Core 3

  • by Erik Dahl
  • 2h 16m
  • May 17, 2022
Course

ASP.NET Core 3 and ASP.NET 4 Input Validation

  • by Roland Guijt
  • 46m
  • Jun 16, 2022
Course

Defeating Injection Attacks in ASP.NET and ASP.NET Core

  • by Matt Honeycutt
  • 26m
  • Jan 22, 2020
Course

Cross Site Request Forgery (CSRF) Prevention for ASP.NET Core 3 and ASP.NET 4 Applications

  • by Roland Guijt
  • 23m
  • Jun 16, 2022
Course

Cross Site Scripting (XSS) Prevention for ASP.NET Core 3 and ASP.NET 4 Applications

  • by Roland Guijt
  • 26m
  • Jun 16, 2022
Course

Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core

  • by David Berry
  • 28m
  • Apr 07, 2020
Course

Protecting Sensitive Data From Exposure in ASP.NET 3 and ASP.NET Core 3 Applications

  • by Matt Tester
  • 1h 32m
  • Apr 20, 2022

Advanced

In this section, you will learn the more advanced techniques of securing your websites.

Some of the more advanced topics covered in this advanced group will be:

How to configure code analysis to scan an ASP.NET or ASP.NET Core application for security vulnerabilities. Learn about the importance of scanning applications for outdated or vulnerable libraries. Learn how to use the Same Origin Policy and configure Cross-Origin Resource Sharing (CORS) for secure browser access to APIs.

Course

Using Security Analysis Tools to Protect ASP.NET 3 and ASP.NET Core 3 Applications

  • by Erik Dahl
  • 1h 21m
  • May 17, 2022
Course

Configuring CORS in ASP.NET 2 and ASP.NET Core 2

  • by Nertil Poci
  • 50m
  • Jun 09, 2022
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
Have questions? Get them answered now.
Start a live chat
What You'll Learn
  • Learn how to identify common attack scenarios and prevent insider threats to applications and data.
  • The courses included in this path are designed to take you from understanding security principals such as the Principle of Least Access, Malignant User Input, and Separation of Responsibilities through advanced subjects such as securing applications from XML External Entities and ways to secure applications from exposing sensitive data and cross-site injection attacks.
  • By the end of this path, you will possess the tools and knowledge required to protect your data and website from external and internal threats.
Prerequisites
  • This path is intended for .NET developers that possess a minimum of intermediate programming experience in ASP.NET and C#.
Related topics
  • ASP.NET
  • C#
  • Visual Studio
  • ASP.NET Core
  • Securing ASP.NET Applications
  • Web application security
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Scott Brady
Scott Brady
Scott Brady is a software developer specializing in identity and access management. Focusing on ASP.NET, Scott has increasingly found himself in undocumented territory, piecing together the facts and attempting to pass them on so that others don't have to go through the same. Scott currently work as a Senior Software Engineer for Rock Solid Knowledge and is a contributor to the IdentityServer OSS project, the leading OpenID Connect and OAuth framework for .NET.
Matt Milner
Matt Milner
Matt is an independent consultant with expertise in web application design and development and systems integration. As a writer, Matt has contributed to several journals and magazines such as MSDN Magazine. Matt regularly shares his love of technology by speaking at local, regional, and international conferences such as DevWeek, Prairie Dev Con, That Conference, and VS Live. As a Pluralsight Author, Matt has created more than 30 courses on the topics of web, mobile, and cloud development.
Matt Tester
Matt Tester
Matt is an experienced architect, developer, and mentor. Driven by making the complex simple, he takes pride in finding new and better ways to work with technology, sharing the lessons learned along the way. As principal consultant at Pure Blue, Matt develops and advises on applications for the cloud using Azure, .NET, and JavaScript. Matt lives in Christchurch, New Zealand where he enjoys mountain running and lifting heavy weights.
Roland Guijt
Roland Guijt
Roland is a Microsoft MVP enjoying a constant curiosity around new techniques in software development. His focus is on all things .Net and browser technologies. As a long-time trainer, he led many courses on these topics and spoke about them at international conferences. He also travels around the globe to offer his self-developed workshops. The word that comes to mind when he thinks about software development is passion! Roland lives in The Netherlands with his wife and two boys.
Erik Dahl
Erik Dahl
Erik Dahl has been developing software and architecture for 20+ years, mostly doing in-house development for his employers. His recent work has included a multi-tenant B2B implementation and self-registration B2C implementation for Duende IdentityServer, upgrading legacy ASP.NET websites from server-side technologies to a client/server mix and adopting TypeScript, building Web APIs as the back end for mobile and web applications, and finding ways to modernize existing applications and make them ...
Matt Honeycutt
Matt Honeycutt
Matt Honeycutt is a software architect specializing in ASP.NET web applications, particularly ASP.NET MVC. He has over a decade of experience in building (and testing!) web applications. He’s an avid practitioner of Test-Driven Development, creating both the SpecsFor and SpecsFor.Mvc frameworks. He has served as the lead developer on numerous multi-million dollar software projects and enjoys finding elegant solutions to difficult problems. As life-long learner, Matt remains dedicated to expan...
David Berry
David Berry
David Berry is a software engineer with over 15 years of application development experience. He started developing software in Java 1.0 using an Oracle 7 backend. Making the switch to Microsoft .NET when it was released, he has worked with every version of .NET since. He has also worked with every version of Oracle since Oracle 7 and ever version of SQL Server since SQL Server 7. His experience spans a broad range of industries including semiconductors, financial services, insurance an gove...
Nertil Poci
Nertil Poci
Nertil is a freelance software architect working with different companies around the globe to help them bring their products to market. He has a master’s degree in computer science with a focus in software architecture. One of his main passions is discovering new tools and libraries that exists out there. Knowing what tools are available building apps much easier and gives you the confidence you need when challenging task comes along. Nertil enjoys building practical open source apps in his spar...

Join our learners and upskill
in leading technologies