This video introduces the most common methods of attack against ASP.NET Core web applications and strategies to protect against them.
- [Instructor] We've explored how to secure and control access to our applications with authentication and authorization, but that's not enough to keep our system safe. The probability of software breaches continues to rise and the consequences can be grave for organizations and individuals. In this module, we'll cover the most common methods of attacks and the techniques to protect against them. We'll learn about cross-site scripting and cross-site request forgery attacks.
We'll also review how to protect our databases against SQL injection attacks. We can restrict access to our websites by defining a cross-origin request policy. And finally, we'll cover how to safeguard against open redirection attacks and URL manipulation. While total security isn't achievable, the good news is there are steps you can take to reduce your vulnerability to attack. As part of your software design process, you should plan for and document security decisions so they're not an afterthought.
During development, apply secure programming best practices, like the ones we'll cover in this chapter. And I'd implore you to stay aware and knowledgeable on security and the latest threats. There are resources to help you do that. For instance, you can watch more security videos in our online library. Also check out the Open Web Application Security Project, or OWASP. You can find the URL below.
It's a non-profit, open-source project, and they're known for their top 10 list, which describes the top software security risks.
- Securing your app with Identity Framework
- Setting up token authentication in an MVC application
- Integrating external authentication service providers
- Protecting against common attacks such as XSRF and SQL injection
- Protecting sensitive data
- Encryption basics
- Working with cookies
- Displaying error information