Avoid cross-site request forgery

Join Jess Chadwick for an in-depth discussion in this video Avoid cross-site request forgery, part of Learning ASP.NET Core MVC.

Course Overview
Transcript
View Offline
Exercise Files

- [Narrator] Whenever you have portions of an application…important enough that they need to be secured…you've now got to start considering attackers…who will want to break through that security…and access your application through nefarious means.…There are many techniques that attackers use…in order to gain access to sites…but one of the most popular techniques…is the cross-site request forgery attack.…Accordingly, ASP.NET Core MVC provides us a way…to help guard against this attack.…The cross-site request forgery attack…also known as a CSRF, or C surf attack…describes a situation in which an attacker…is able to get ahold of your legitimately…authenticated session and begin sending commands…and submitting data with requests that identify as you.…

Perhaps the most popular implementation of this technique…is for an attacker to create a page…on their site that induces the user to submit…a request to your site.…This request is now sent to your application…as the target user but the attacker…now has complete control over the content…

Resume Transcript Auto-Scroll

Author

Jess Chadwick

Skill Level Intermediate

3h 12m

Duration

148,743

Views

Show More Show Less

Related Courses

Introduction
- Welcome
  1m 16s
- What you should know
  2m 6s
- How to use the exercise files
  2m 57s
- Development environment set up
  1m 50s
- Sample application introduction
  4m 3s
- Challenges
  1m 11s
1. The Basics
- Building blocks of ASP.NET Core applications
  5m 54s
- Create a new project
  5m 14s
- Respond to HTTP requests
  5m 32s
- Leverage external dependencies
  4m 35s
- Serve static files
  3m 9s
- Error handling and diagnostics
  4m 55s
- Use custom configuration
  4m 42s
- Populate configuration settings
  4m 34s
- Increase maintainablility with dependency injection
  6m 14s
2. The Model-View-Controller (MVC) Pattern
- Understand the model-view-controller (MVC) pattern
  6m 16s
- Add ASP.NET MVC to your ASP.NET Core application
  3m 21s
- Handle requests with controllers
  4m 26s
- Pass parameters to controller actions
  5m 1s
- Understand routing
  4m 24s
- Customize your application's URLs
  5m 5s
3. Render HTML with Views
- Render HTML with Razor
  3m 51s
- Render dynamic content with Razor
  5m 1s
- Reuse shared HTML markup with layouts
  5m 40s
- Pass data from the controller to the view
  1m 56s
- Render data with strongly typed views
  2m 16s
- Reuse view markup with partial views
  4m 25s
- Reuse view logic with injectable services
  3m 16s
- Reuse application features with view components
  6m 44s
- Reuse application features with view components, part 2
  2m
- Challenge
  1m 29s
- Solution
  1m 48s
4. Work with Data
- Create strongly typed HTML forms
  4m 5s
- Post form data to controller actions
  4m 9s
- Validate form post data
  5m 55s
- Use tag helpers to simplify forms
  5m 7s
- Represent the database using Entity Framework
  6m 9s
- Write to a database using Entity Framework
  1m 35s
- Read from a database using Entity Framework
  2m 24s
- Challenge
  44s
- Solution
  1m 45s
5. Improve User Experience with Ajax and Web APIs
- Avoid page refreshes with partial rendering
  5m 9s
- Expose web API endpoints
  4m 7s
- Expose data through a web API
  3m 38s
- Consume a web API from the browser
  3m 26s
- Challenge
  31s
- Solution
  2m 12s
6. Secure Your Application
- Secure controller actions from unauthorized access
  1m 23s
- Add identity services to your application
  3m 49s
- Use identity services to create user accounts
  3m 4s
- Use identity services to allow users to log in to your site
  3m 10s
- Avoid cross-site request forgery
  3m 39s
Conclusion
- Next steps
  1m 42s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start Your Free Trial Now

Skills covered in this course

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

Avoid cross-site request forgery

Author

Skill Level Intermediate

Duration

Views

Related Courses

C#: Design Patterns

Tooling with NPM Scripts

Visual Studio 2015 Essential Training: 01 Exploring the Visual Studio Ecosystem

Introduction

1. The Basics

2. The Model-View-Controller (MVC) Pattern

3. Render HTML with Views

4. Work with Data

5. Improve User Experience with Ajax and Web APIs

6. Secure Your Application

Conclusion

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start Your Free Trial Now