ASP.NET Core 5 Secure Coding Cookbook: Practical recipes for tackling vulnerabilities in your ASP.NET web applications
Roman Canlas
- 出版商: Packt Publishing
- 出版日期: 2021-07-16
- 售價: $1,700
- 貴賓價: 9.5 折 $1,615
- 語言: 英文
- 頁數: 324
- 裝訂: Quality Paper - also called trade paper
- ISBN: 180107156X
- ISBN-13: 9781801071567
-
相關分類:
.NET、ASP.NET
-
相關翻譯:
ASP.NET Core 工程師不可不知的 10大安全性漏洞與防駭方法 (繁中版)
買這商品的人也買了...
-
世界第一簡單資料庫$300$270 -
Computer Organization and Design RISC-V Edition: The Hardware Software Interface (Paperback)$3,370$3,202 -
無瑕的程式碼-整潔的軟體設計與架構篇 (Clean Architecture: A Craftsman's Guide to Software Structure and Design)$580$452 -
Python GUI 程式設計:PyQt5 實戰$690$538 -
最完整 5G 技術架構白皮書$780$616 -
$454區塊鏈開發實戰:基於 JavaScript 的公鏈與 DApp 開發 -
$505Python Qt GUI 與數據可視化編程 -
Kotlin 權威 2.0:Android 專家養成術 (Kotlin Programming: The Big Nerd Ranch Guide)$620$484 -
工業4.0 的物聯網智慧工廠應用與實作:使用 Arduino.Node-RED.MySQL.Node.js$500$350 -
GAN 對抗式生成網路 (GANs in Action: Deep learning with Generative Adversarial Networks)$750$593 -
$2,070Machine Learning Design Patterns: Solutions to Common Challenges in Data Preparation, Model Building, and Mlops (Paperback) -
操作介面設計模式, 3/e (Designing Interfaces, 3/e)$980$774 -
AI 手機 APP、智慧硬體專案實作|使用 TensorFlow Lite (iOS/Android/RPi適用) (Intelligent Mobile Projects with TensorFlow: Build 10+ Artificial Intelligence apps using TensorFlow Mobile and Lite for iOS, Android, and Raspberry Pi)$580$399 -
最踏實 AI 之路:全白話機器學習一次搞懂$780$616 -
$653TypeScript 入門與區塊鏈項目實戰 -
IoT 物聯網應用 - 使用 ESP32 開發版與 Arduino C 程式語言 - 最新版(第二版)$420$378 -
$458輕鬆學 ASP.NET 編程從入門到實戰 (案例·視頻·彩色版) -
圖解 Docker & Kubernetes 的知識與使用方法$620$465 -
AutoML 自動化機器學習:用 AutoKeras 超輕鬆打造高效能 AI 模型 (Automated Machine Learning with AutoKeras: Deep learning made accessible for everyone with just few lines of coding)$690$545 -
OpenCV 影像創意邁向 AI 視覺王者歸來 (全彩印刷)$890$703 -
Raspberry Pi 樹莓派:Python x AI 超應用聖經$699$552 -
資料結構 -- 使用 C, 5/e$600$474 -
Python 幫幫忙!用程式思維解決現實世界問題 (Real-World Python: A Hacker's Guide to Solving Problems with Code)$630$498 -
圖解區塊鏈的工作原理與機制$480$349 -
CYBERSEC 2022 臺灣資安年鑑 ─ 零信任資安時代來臨:信任邊界徹底瓦解,安全需源自反覆驗證$179$141
相關主題
商品描述
Key Features
- Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them
- Understand what code makes an ASP.NET Core web app unsafe
- Build your secure coding knowledge by following straightforward recipes
Book Description
ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests.
In ASP.NET Secure Coding Cookbook, you'll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you'll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You'll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code.
By the end of this book, you'll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you'll have gained hands-on experience in removing vulnerabilities and security defects from your code.
What you will learn
- Understand techniques for squashing an ASP.NET Core web app security bug
- Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited
- Fix security issues in code relating to broken authentication and authorization
- Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques
- Prevent security misconfiguration by enabling ASP.NET Core web application security features
- Explore other ASP.NET web application vulnerabilities and secure coding best practices
Who this book is for
This ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.
商品描述(中文翻譯)
主要特點
- 發現 ASP.NET Core 網頁應用程式中不同類型的安全弱點,並學習如何修復
- 了解哪些程式碼會使 ASP.NET Core 網頁應用程式變得不安全
- 通過遵循簡單的食譜來建立您的安全編碼知識
書籍描述
ASP.NET Core 開發人員通常會收到安全測試結果報告,顯示他們的網頁應用程式中發現的漏洞。儘管報告可能提供一些高層次的修復建議,但並未指定您需要採取的確切步驟來解決或修復這些測試發現的弱點。
在《ASP.NET Secure Coding Cookbook》中,您將首先學習安全編碼的基本概念,然後逐漸進展到識別代碼中常見的網頁應用程式漏洞。隨著進展,您將學習修復 ASP.NET Core 網頁應用程式中的安全配置錯誤的方法。本書還演示了如何解決不同類型的跨站腳本攻擊。另外,本書還介紹了修復 OWASP 十大漏洞清單之外的其他漏洞的方法。本書以食譜式格式編寫,每個食譜都包含示例不安全代碼,展示問題以及相應的解決方案以消除安全漏洞。您將能夠跟隨每個練習的每一步,並使用附帶的 ASP.NET Core 範例解決方案來練習編寫安全代碼。
通過閱讀本書,您將能夠識別 ASP.NET Core 網頁應用程式中導致不同安全缺陷的不安全代碼,並且將獲得從代碼中消除漏洞和安全缺陷的實踐經驗。
您將學到什麼
- 了解壓制 ASP.NET Core 網頁應用程式安全漏洞的技術
- 發現不同類型的注入攻擊,並了解如何防止利用這種漏洞
- 修復與破損的身份驗證和授權相關的代碼安全問題
- 通過掌握多種保護技術,消除敏感數據曝露的風險
- 通過啟用 ASP.NET Core 網頁應用程式安全功能,預防安全配置錯誤
- 探索其他 ASP.NET 網頁應用程式漏洞和安全編碼最佳實踐
本書適合對象
這本 ASP.NET Core 書籍適合中級水平的 ASP.NET Core 網頁開發人員和軟體工程師,他們使用該框架開發網頁應用程式,並希望通過編碼最佳實踐來關注安全性。本書還適用於應用程式安全工程師、分析師和專家,他們希望了解如何使用代碼保護 ASP.NET Core,並了解如何解決他們每天執行的安全測試中發現的問題。
作者簡介
Roman Canlas is a Senior Application Security Engineer working at a Fortune 500 company where he successfully established its global Application Security program from the ground up. His years of experience as a developer-led him to be an expert in Secure Code reviews and Static Application Security testing, focusing on web technologies.
Roman held multiple certifications; the GIAC Web Application Penetration Tester (GWAPT), ISC2’s Certified Secure Software Lifecycle Professional (CSSLP), and EC-Council’s Certified Application Security Engineer in .NET (CASE.NET).
Roman also has a Master’s degree in Information Systems and a Bachelors in Computer Science.
作者簡介(中文翻譯)
Roman Canlas 是一位在一家財富500強公司擔任高級應用安全工程師的專業人士,他成功地從零開始建立了該公司的全球應用安全計劃。作為一名開發人員,他多年的經驗使他成為安全代碼審查和靜態應用安全測試方面的專家,專注於網絡技術。
Roman 擁有多個認證,包括 GIAC 網絡應用滲透測試師(GWAPT)、ISC2 的認證安全軟件生命周期專業人員(CSSLP)和 EC-Council 的 .NET 應用安全工程師認證(CASE.NET)。
此外,Roman 還擁有信息系統碩士學位和計算機科學學士學位。
目錄大綱
- Secure Coding Fundamentals
- Injection Flaws
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting
- Insecure Deserialization
- Using components with known vulnerabilities
- Insufficient Logging and Monitoring
- Miscellaneous Vulnerabilities
- Best Practices
目錄大綱(中文翻譯)
- 安全編碼基礎
- 注入漏洞
- 破損的身份驗證
- 敏感資料外洩
- XML外部實體
- 破損的存取控制
- 安全配置錯誤
- 跨站腳本攻擊
- 不安全的反序列化
- 使用已知漏洞的元件
- 不足的日誌記錄和監控
- 其他漏洞
- 最佳實踐
