Speaker: Christian Wenz

Abstract:

According to a study, 9 out of 10 web applications have security vulnerabilities. However, in this day and age, there is no real excuse for sites that can be easily attacked. .NET provides countermeasures against most common attacks, and modern web browsers include additional safeguards in the form of HTTP headers and other security features.
This tutorial provides you with best practices for writing code that is as secure as possible. You will see various attacks and, of course, countermeasures from a .NET perspective. We will also try to find vulnerabilities in an existing application and draw some conclusions from that. At the end of the day, you will be aware of both common and uncommon security risks for web applications, and how to mitigate them.

Objectives:

  • Understand common security risks for web applications
  • Learn about countermeasures specific to ASP.NET Core
  • Understand browser security features, and how to use them

Topics covered:

Attacks: Cross-Site Scripting, Cross-Site Request Forgery, mass assignment, session management attacks, SQL injection, and a few more uncommon ones.

Countermeasures: Content Security Policy, security-related cookie flags, various other HTTP headers, and APIs and features from ASP.NET Core.

Intended audience:

Developers with basic knowledge of ASP.NET Core

Required equipment:

PC

Required software:

Web browser

Workshop type:

Lecture, with labs