ASP.NET Core Security (Paperback)

Secure your ASP.NET applications before you get hacked! This practical guide includes secure coding techniques with annotated examples and full coverage of built-in ASP.NET Core security tools.

In ASP.NET Core Security, you will learn how to:

Understand and recognize common web app attacks
Implement attack countermeasures
Use testing and scanning tools and libraries
Activate built-in browser security features from ASP.NET
Take advantage of .NET and ASP.NET Core security APIs
Manage passwords to minimize damage from a data leak
Securely store application secrets

ASP.NET Core Security teaches you the skills and countermeasures you need to keep your ASP.NET Core apps secure from the most common web application attacks. With this collection of practical techniques, you will be able to anticipate risks and introduce practices like testing as regular security checkups. You'll be fascinated as the author explores real-world security breaches, including rogue Firefox extensions and Adobe password thefts. The examples present universal security best practices with a sharp focus on the unique needs of ASP.NET Core applications.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the technology
Your ASP.NET Core applications are under attack now. Are you ready? Th ere are specific countermeasures you can apply to keep your company out of the headlines. This book demonstrates exactly how to secure ASP.NET Core web applications, including safe browser interactions, recognizing common threats, and deploying the framework's unique security APIs.

About the book
ASP.NET Core Security is a realistic guide to securing your web applications. It starts on the dark side, exploring case studies of cross-site scripting, SQL injection, and other weapons used by hackers. As you go, you'll learn how to implement countermeasures, activate browser security features, minimize attack damage, and securely store application secrets. Detailed ASP.NET Core code samples in C# show you how each technique looks in practice.

What's inside

Understand and recognize common web app attacks
Testing tools, helper libraries, and scanning tools
Activate built-in browser security features
Take advantage of .NET and ASP.NET Core security APIs
Manage passwords to minimize damage from a data leak

About the reader
For experienced ASP.NET Core web developers.

About the author
Christian Wenz is a web pioneer, consultant, and entrepreneur.

Table of Contents

PART 1 FIRST STEPS
1 On web application security
PART 2 MITIGATING COMMON ATTACKS
2 Cross-site scripting (XSS)
3 Attacking session management
4 Cross-site request forgery
5 Unvalidated data
6 SQL injection (and other injections)
PART 3 SECURE DATA STORAGE
7 Storing secrets
8 Handling passwords
PART 4 CONFIGURATION
9 HTTP headers
10 Error handling
11 Logging and health checks
PART 5 AUTHENTICATION AND AUTHORIZATION
12 Securing web applications with ASP.NET Core Identity
13 Securing APIs and single page applications
PART 6 SECURITY AS A PROCESS
14 Secure dependencies
15 Audit tools
16 OWASP Top 10

在你的 ASP.NET 應用程式被駭客攻擊之前，請先確保其安全性！這本實用指南包含了帶有註解範例的安全編碼技巧，並全面介紹了內建的 ASP.NET Core 安全工具。

在《ASP.NET Core Security》中，你將學習到以下技巧：
- 瞭解並識別常見的網路應用程式攻擊
- 實施攻擊對策
- 使用測試和掃描工具和函式庫
- 啟用 ASP.NET 內建的瀏覽器安全功能
- 利用 .NET 和 ASP.NET Core 的安全 API
- 管理密碼以減少資料洩漏造成的損害
- 安全地儲存應用程式機密資訊

《ASP.NET Core Security》將教授你保護 ASP.NET Core 應用程式免受最常見的網路應用程式攻擊的技巧和對策。透過這些實用技巧的集合，你將能夠預見風險並引入像是定期安全檢查的測試等實踐。作者將探討真實世界的安全漏洞，包括惡意 Firefox 擴充功能和 Adobe 密碼被盜事件。這些範例將呈現出通用的安全最佳實踐，並特別關注 ASP.NET Core 應用程式的獨特需求。

購買印刷版書籍將包含 Manning Publications 提供的 PDF、Kindle 和 ePub 格式的免費電子書。

關於技術：
你的 ASP.NET Core 應用程式現在正受到攻擊。你準備好了嗎？這本書將示範如何確保 ASP.NET Core 網路應用程式的安全性，包括安全的瀏覽器互動、識別常見威脅和部署框架獨特的安全 API。

關於本書：
《ASP.NET Core Security》是一本實際指南，教你如何保護你的網路應用程式。它從黑暗面開始，探討了跨站腳本攻擊、SQL 注入和其他駭客使用的攻擊手法的案例研究。隨著你的學習，你將學會如何實施對策、啟用瀏覽器安全功能、減少攻擊損害並安全地儲存應用程式機密資訊。書中以 C# 程式碼提供了詳細的 ASP.NET Core 範例，讓你能夠實際看到每個技巧的應用。

內容簡介：
- 瞭解並識別常見的網路應用程式攻擊
- 測試工具、輔助函式庫和掃描工具
- 啟用內建的瀏覽器安全功能
- 利用 .NET 和 ASP.NET Core 的安全 API
- 管理密碼以減少資料洩漏造成的損害

讀者對象：
有經驗的 ASP.NET Core 網頁開發人員。

關於作者：
Christian Wenz 是一位網頁先驅、顧問和企業家。

目錄：
第一部分 初步步驟
1 網路應用程式安全性
第二部分 減輕常見攻擊
2 跨站腳本攻擊 (XSS)
3 攻擊會話管理
4 跨站請求偽造
5 未驗證的資料
6 SQL 注入 (和其他注入攻擊)
第三部分 安全資料儲存
7 儲存機密資訊
8 處理密碼
第四部分 組態
9 HTTP 標頭
10 錯誤處理
11 記錄和健康檢查
第五部分 認證和授權
12 使用 ASP.NET Core Identity 保護網頁應用程式
13 保護 API 和單頁應用程式
第六部分 安全作為一個流程
14 安全相依性
15 審計工具
16 OWASP 十大安全風險

Christian Wenz is a web pioneer, technology specialist, and entrepreneur. Since 1999, he has written close to 150 books on web technologies and related topics, which have been translated into ten languages. In his day job, he consults enterprises on digitization and Industry 4.0. A fixture at international developer conferences, he has presented on three continents. Christian has been an MVP for ASP.NET since 2004, is the lead author of the official PHP certification, and sporadically contributes to OSS projects. He holds university degrees in computer science and business informatics and is a two-time recipient of a Knuth award check.

Christian Wenz是一位網路先驅、技術專家和企業家。自1999年以來，他已經撰寫了近150本關於網路技術和相關主題的書籍，並被翻譯成十種語言。在他的日常工作中，他為企業提供數位化和工業4.0的諮詢服務。作為國際開發者大會的常客，他曾在三大洲上發表演講。Christian自2004年以來一直是ASP.NET的MVP，是官方PHP認證的主要作者，並不時為開源項目做出貢獻。他擁有計算機科學和商業資訊學的大學學位，並兩次獲得Knuth獎勵金。