Advanced ASP.NET Core 8 Security: Move Beyond ASP.NET Documentation and Learn Real Security

Norberg, Scott

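  • Publisher: Apress
  • Publication date: 2024-11-06
  • Price: $2,170
  • VIP price: $2,062 (95% of list price)
  • Language: English
  • Pages: 190
  • Binding: Quality Paper - also called trade paper
  • ISBN: 9798868804939
  • ISBN-13: 9798868804939
  • Related categories: .NET, ASP.NET, Information Security
  • Not yet released; cannot be ordered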

Product Description

Most .NET developers do not incorporate security best practices when creating websites. The problem? Even if you use all of the best practices that the ASP.NET team recommends, you are still falling short in several key areas due to issues within the framework itself. And most developers don't use all of the best practices that are recommended.

If you are interested in truly top-notch security, available sources don't give you the information you need. Most blogs and other books simply state how to use the configurations within ASP.NET, but do not teach you security as understood by security professionals. Online code samples aren't much help because they are usually written by developers who aren't incorporating security practices.

This book solves those issues by teaching you security first, going over software best practices as understood by security professionals, not developers. Then it teaches you how security is implemented in ASP.NET. With that foundation, it dives into specific security-related functionality and discusses how to improve upon the default functionality with working code samples. And you will learn how security professionals build software security programs so you can continue building software security best practices into your own Secure Software Development Life Cycle (SSDLC).

What You'll Learn

  • Know how both attackers and professional defenders approach web security
  • Establish a baseline of security for understanding how to design more secure software
  • Discern which attacks are easy to prevent, and which are more challenging, in ASP.NET
  • Dig into ASP.NET source code to understand how the security services work
  • Know how the new logging system in ASP.NET falls short of security needs
  • Incorporate security into your software development process

Who This Book Is For

Software developers who have experience creating websites in ASP.NET and want to know how to make their websites secure from hackers, and security professionals who work with a development team that uses ASP.NET. To get the most out of this book, you should already have a basic understanding of web programming and ASP.NET, including creating new projects, creating pages, and using JavaScript.

Topics That Are New to This Edition

This edition has been updated with the following changes:

  • Best practices and code samples updated to reflect security-related changes in ASP.NET 8
  • Improved examples, including a fully-functional website incorporating security suggestions
  • Best practices for securely using Large Language Models (LLMs) and AI
  • Expansions and clarifications throughout


About the Author

Scott Norberg is a web security specialist with almost 20 years of experience in various technology and programming roles, specializing in web development and web security using Microsoft technologies. He has a wide range of experiences in security, from working with development teams on secure code techniques, to software security assessments, and application security program building. He also has an interest in building plug-and-play software libraries that developers can use to secure their sites with little-to-no extra effort.

Scott holds several certifications, including Microsoft Certified Technology Specialist (MCTS), and certifications for ASP.NET and SQL Server. He also holds two certifications from ISC2 (Certified Information Systems Security Professional (CISSP) and Cloud Certified Security Professional (CCSP)) and an MBA from Indiana University.

Scott is the Founder and President of Opperis Technologies LLC, a firm dedicated to helping small- to mid-sized businesses write more secure software. His latest project is CodeSheriff.NET, an open-source security scanner for ASP.NET Core, which can be found on GitHub at ScottNorberg-NCG/CodeSheriff.NET.
