ASP.NET Core 5 Secure Coding Cookbook: Practical recipes for tackling vulnerabilities in your ASP.NET web applications
暫譯: ASP.NET Core 5 安全編碼食譜:解決 ASP.NET 網頁應用程式漏洞的實用配方

Roman Canlas

ASP.NET Core 5 Secure Coding Cookbook: Practical recipes for tackling vulnerabilities in your ASP.NET web applications

買這商品的人也買了...

相關主題

商品描述

Key Features

  • Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them
  • Understand what code makes an ASP.NET Core web app unsafe
  • Build your secure coding knowledge by following straightforward recipes

Book Description

ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests.

In ASP.NET Secure Coding Cookbook, you'll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you'll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You'll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code.

By the end of this book, you'll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you'll have gained hands-on experience in removing vulnerabilities and security defects from your code.

What you will learn

  • Understand techniques for squashing an ASP.NET Core web app security bug
  • Discover different types of injection attacks and understand how you can prevent this vulnerability from being exploited
  • Fix security issues in code relating to broken authentication and authorization
  • Eliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniques
  • Prevent security misconfiguration by enabling ASP.NET Core web application security features
  • Explore other ASP.NET web application vulnerabilities and secure coding best practices

Who this book is for

This ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.

商品描述(中文翻譯)

**主要特點**

- 探索 ASP.NET Core 網頁應用程式中的不同類型安全弱點,並學習如何修復它們
- 了解哪些程式碼使 ASP.NET Core 網頁應用程式不安全
- 通過遵循簡單的食譜來增強您的安全編碼知識

**書籍描述**

ASP.NET Core 開發人員經常會收到安全測試結果,顯示其網頁應用程式中發現的漏洞。雖然報告可能提供一些高層次的修復建議,但並未具體說明您需要採取的確切步驟來解決或修復這些測試所發現的弱點。

在《ASP.NET 安全編碼食譜》中,您將首先學習安全編碼的基本概念,然後逐步進展到識別程式碼中的常見網頁應用程式漏洞。隨著進展,您將涵蓋修復 ASP.NET Core 網頁應用程式中安全錯誤配置的食譜。本書進一步展示了如何解決不同類型的跨站腳本攻擊(Cross-Site Scripting)。專門的部分還將引導您修復不再在 OWASP 前十名列表中的各種漏洞。本書採用食譜式格式,每個食譜包含示範不安全程式碼,呈現問題及相應的解決方案以消除安全漏洞。您將能夠跟隨每個練習的步驟,並使用隨附的 ASP.NET Core 範例解決方案來練習編寫安全程式碼。

在本書結束時,您將能夠識別導致 ASP.NET Core 網頁應用程式中不同安全缺陷的不安全程式碼,並獲得移除程式碼中漏洞和安全缺陷的實踐經驗。

**您將學到的內容**

- 理解修復 ASP.NET Core 網頁應用程式安全漏洞的技術
- 探索不同類型的注入攻擊,並了解如何防止此漏洞被利用
- 修復與身份驗證和授權失效相關的程式碼安全問題
- 通過掌握多種保護技術來消除敏感數據暴露的風險
- 通過啟用 ASP.NET Core 網頁應用程式安全功能來防止安全錯誤配置
- 探索其他 ASP.NET 網頁應用程式漏洞和安全編碼最佳實踐

**本書適合誰**

這本 ASP.NET Core 書籍適合中級 ASP.NET Core 網頁開發人員和使用該框架開發網頁應用程式的軟體工程師,他們希望專注於使用最佳編碼實踐來增強安全性。本書也適合應用安全工程師、分析師和專家,這些人希望了解如何使用程式碼來保護 ASP.NET Core,並理解如何解決他們每天執行的安全測試中識別的問題。

作者簡介

Roman Canlas is a Senior Application Security Engineer working at a Fortune 500 company where he successfully established its global Application Security program from the ground up. His years of experience as a developer-led him to be an expert in Secure Code reviews and Static Application Security testing, focusing on web technologies.

Roman held multiple certifications; the GIAC Web Application Penetration Tester (GWAPT), ISC2’s Certified Secure Software Lifecycle Professional (CSSLP), and EC-Council’s Certified Application Security Engineer in .NET (CASE.NET).

Roman also has a Master’s degree in Information Systems and a Bachelors in Computer Science.

作者簡介(中文翻譯)

Roman Canlas 是一位資深應用程式安全工程師,目前在一家《財富》500 強公司工作,他成功地從零開始建立了該公司的全球應用程式安全計畫。他多年作為開發者的經驗使他成為安全程式碼審查和靜態應用程式安全測試的專家,專注於網頁技術。

Roman 擁有多項認證,包括 GIAC 網頁應用程式滲透測試員 (GWAPT)、ISC2 的認證安全軟體生命週期專業人員 (CSSLP),以及 EC-Council 的 .NET 應用程式安全工程師認證 (CASE.NET)。

Roman 也擁有資訊系統碩士學位和計算機科學學士學位。

目錄大綱

  1. Secure Coding Fundamentals
  2. Injection Flaws
  3. Broken Authentication
  4. Sensitive Data Exposure
  5. XML External Entities
  6. Broken Access Control
  7. Security Misconfiguration
  8. Cross-Site Scripting
  9. Insecure Deserialization
  10. Using components with known vulnerabilities
  11. Insufficient Logging and Monitoring
  12. Miscellaneous Vulnerabilities
  13. Best Practices

目錄大綱(中文翻譯)


  1. Secure Coding Fundamentals

  2. Injection Flaws

  3. Broken Authentication

  4. Sensitive Data Exposure

  5. XML External Entities

  6. Broken Access Control

  7. Security Misconfiguration

  8. Cross-Site Scripting

  9. Insecure Deserialization

  10. Using components with known vulnerabilities

  11. Insufficient Logging and Monitoring

  12. Miscellaneous Vulnerabilities

  13. Best Practices

類似商品