Join Jess Chadwick for an in-depth discussion in this video Avoid cross-site request forgery, part of Learning ASP.NET Core MVC.
- [Narrator] Whenever you have portions of an application…important enough that they need to be secured…you've now got to start considering attackers…who will want to break through that security…and access your application through nefarious means.…There are many techniques that attackers use…in order to gain access to sites…but one of the most popular techniques…is the cross-site request forgery attack.…Accordingly, ASP.NET Core MVC provides us a way…to help guard against this attack.…The cross-site request forgery attack…also known as a CSRF, or C surf attack…describes a situation in which an attacker…is able to get ahold of your legitimately…authenticated session and begin sending commands…and submitting data with requests that identify as you.…
Perhaps the most popular implementation of this technique…is for an attacker to create a page…on their site that induces the user to submit…a request to your site.…This request is now sent to your application…as the target user but the attacker…now has complete control over the content…
- Building blocks of ASP.NET Core applications
- Creating a new project
- Responding to HTTP requests
- Serving static files
- Understanding the MVC pattern
- Handling requests with controllers
- Rendering HTML with Razor
- Rendering data, view markup, and view logic
- Creating HTML forms
- Validating form data
- Reading and writing from a database with Entity Framework
- Improving the user experience
- Exposing data with a web API
- Securing your ASP.NET application
Skill Level Intermediate
1. The Basics
2. The Model-View-Controller (MVC) Pattern
Understand routing4m 24s
3. Render HTML with Views
4. Work with Data
5. Improve User Experience with Ajax and Web APIs
6. Secure Your Application
Next steps1m 42s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.