Most .NET developers do not incorporate security best practices when creating websites. The problem? Even if you use all of the best practices that the ASP.NET team recommends, you are still falling short in several key areas due to issues within the framework itself. And most developers don’t use all of the best practices that are recommended.
If you are interested in truly top-notch security, available sources don’t give you the information you need. Most blogs and other books simply state how to use the configurations within ASP.NET, but do not teach you security as understood by security professionals. Online code samples aren't much help because they are usually written by developers who aren’t incorporating security practices.
This book solves those issues by teaching you security first, going over software best practices as understood by security professionals, not developers. Then it teaches you how security is implemented in ASP.NET. With that foundation, it dives into specific security-related functionality and discusses how to improve upon the default functionality with working code samples. And you will learn how security professionals build software security programs so you can continue building software security best practices into your own Secure Software Development Life Cycle (SSDLC).
What you’ll learn:
- Know how both attackers and professional defenders approach web security;
- Establish a baseline of security for understanding how to design more secure software;
- Discern which attacks are easy to prevent, and which are more challenging, in ASP.NET;
- Dig into ASP.NET source code to understand how the security services work;
- Know how the new logging system in ASP.NET falls short of security needs;
- Incorporate security into your software development process.