ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests.
In ASP.NET Secure Coding Cookbook, you’ll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you’ll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You’ll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code.
By the end of this book, you’ll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you’ll have gained hands-on experience in removing vulnerabilities and security defects from your code.
Page count: 262
Year of publication: 2021
Practical recipes for tackling vulnerabilities in your ASP.NET web applications
Roman Canlas
BIRMINGHAM—MUMBAI
Copyright © 2021 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Aaron Lazar
Publishing Product Manager: Richa Tripathi
Senior Editor: Ruvika Rao
Content Development Editor: Vaishali Ramkumar
Technical Editor: Karan Solanki
Copy Editor: Safis Editing
Project Coordinator: Deeksha Thakkar
Proofreader: Safis Editing
Indexer: Manju Arasan
Production Designer: Nilesh Mohite
First published: June 2021
Production reference: 3040821
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80107-156-7
www.packt.com
To the reader, I hope I have piqued your interest in writing secure code and you'll learn as much as I have in writing this book. – Roman Canlas
When tackling the topic of security, we should ask ourselves why we make technology and tools in the first place. Do we create for security or for a specific application? After all, there is a reason why we call software applications. We are applying purposes to our software. For this wisdom, we look to a woman who knew a lot about software, hardware, and big boats:
"A ship in port is safe, but that's not what ships are built for." - Grace Hopper
Similarly, your application is built for a reason. But, as Grace implies, security must be achieved, even if it isn't our primary purpose.
In ASP.NET Core 5 Secure Coding Cookbook, author Roman Canlas has set a precedent by writing a book with a title that you have to think about for a few seconds, before you can fully grok its purpose. Much like the title, you'll find yourself pondering and contemplating over the content of this book, finding new ways to apply this wisdom. You'll find practical solutions and detailed explanations, from security coding fundamentals, to fixing issues in injection, authentication, exposed data, and more.
One of the backbones of ASP.NET Core 5 is to provide an application development framework that champions and enables secure coding. It is no accident that Microsoft has provided these tools.
"Security is... our top priority - if we don't solve these security problems, then people will hold back." - Bill Gates
As Bill Gates once said, there is nothing more important than security. If your code isn't secure, then, as a developer, you will not build a robust application; it will be limited. Likewise, your users will also hold back and will be hesitant about how they might use and trust your application. It's critical that the framework allows secure coding capabilities, and it's equally important that you take this book to heart and implement these patterns, processes, and practices.
Take this book with you in your career, and then refer back to these recipes as often as you can. Just like chefs should review their recipes before they cook their culinary creations, you also should review these recipes before you serve your customers with a masterpiece of your own.
Ed Price
Senior Program Manager of Architectural Publishing
Microsoft | Azure Architecture Center (http://aka.ms/Architecture)
Co-Author of 5 Books, including The Azure Cloud Native Architecture Mapbook and ASP.NET Core 5 for Beginners (both from Packt)
Roman Canlas is a senior application security engineer working at a Fortune 500 company where he successfully established its global application security program from the ground up. His years of experience as a developer have led to him being an expert in secure code reviews and static application security testing, focusing on web technologies.
Roman holds multiple certifications: the GIAC Web Application Penetration Tester (GWAPT), ISC2's Certified Secure Software Lifecycle Professional (CSSLP), and EC-Council's Certified Application Security Engineer in .NET (CASE.NET).
Roman also has a master's degree in information systems and a bachelor's in computer science.
To Doug, Tim, and Chuck, thanks for believing in me and supporting my personal endeavor. To Richa, for believing in the book's topic and giving me the opportunity to write for Packt. To Vaishali, Ruvika, Karan, Nithya, Deeksha, and the rest of the Packt team, I thank you all for your tireless efforts. To Allan Mangune and Hemant Shah, both great technical reviewers, I am grateful for your comments and feedback.
Hemant Shah is a strong advocate of shift left in the industry. His software developer training and background allow him to speak the developer's language in managing AppSec programs and help the development team understand the value and impact of delivering secure software. He is a cloud and application security professional with a bachelor's degree in information technology and around 15 years of experience in designing, troubleshooting, and securing large-scale applications with sound exposure to OWASP. Secure coding reviews, risk assessment procedures, authentication technologies, policy formation, threat modeling, and design reviews are the key areas he is focused on.
Allan SP Mangune is a certified public accountant and holds a post-graduate degree of Master of Science in computer information systems from the University of Phoenix. He has been writing software since 2000 and practicing secure coding since he gained, in 2008, his Certified Ethical Hacker v5 credential. He has helped clients with their digital transformation journey and digital security. He has delivered Agile project management workshops to large organizations for more than a decade. He is a certified ScrumMaster and holds a Prince2 Agile Foundation certificate. For 10 years, he was awarded Microsoft MVP for ASP.NET and Development Technologies. He used to be a Microsoft Certified Trainer. He builds his own drones during his free time.
