
After watching this course you'll have the knowledge and skills to mitigate common browser attacks by setting HTTP headers. The code samples are in ASP.NET Core and ASP.NET for .NET Framework.

Bharat Dwarkani shared on Apr 09, 2020
pluralsight.com

Web applications are at constant risk of attack, and one of the most common attacks is the dreaded injection attack. This course will show you how to defeat three common injection attacks, including SQL Injection, in ASP.NET and ASP.NET Core.

Bharat Dwarkani shared on Apr 09, 2020
pluralsight.com

In this article, we learn how to secure ASP.NET Core MVC applications against the top 10 attacks given by OWASP (Open Web Application Security Project) in a step-by-step way.

Bharat Dwarkani shared on Apr 05, 2020
codeproject.com

Removing the X-Powered-By and Server headers in an ASP.NET Core application for security reasons

Bharat Dwarkani wrote on Apr 05, 2020
sharetechlinks.com

Azure Key Vault is a great way to store your IdentityServer4 signing keys; it is secure, versioned, and gives you access to robust access control mechanisms. However, I keep seeing many Azure Key Vault integrations that miss many of its features by storing the private key as a secret and then downloading the private key on application startup.

Bharat Dwarkani shared on Mar 30, 2020
scottbrady91.com

The purpose here is to configure the data protection system in such a way that its keys are stored outside the app server, but also to do so in a secure manner. By default data protection keys may be stored in a local folder

Bharat Dwarkani shared on Mar 15, 2020
joonasw.net

Specifying headers in middleware can be done in C# code by creating one or more pieces of middleware. Most examples in this post will use this approach. In short, you either create a new middleware class or call the Use method directly in the Configure method in Startup.cs

Bharat Dwarkani shared on Mar 13, 2020
blog.elmah.io

Cross Site Request Forgery (aka CSRF or XSRF) is one of the most common attacks, in which the user is tricked into executing an unwanted action through his browser on his behalf, on one of the sites where he is currently authenticated. ASP.Net Core contains an Antiforgery package that can be used to secure your application against this particular risk. Those who have used earlier versions of ASP.Net will see that things have changed a bit in the new framework.

Bharat Dwarkani shared on Mar 05, 2020
dotnetcurry.com

An issue related to antiforgery that I couldn’t understand at the time. I went with a workaround but thought I’d dig a bit deeper when I have time. Let’s have a look at it together!

Bharat Dwarkani shared on Mar 05, 2020
mderriey.com

If you decide to go with cookies and if your web api is consumed through a web application (e.g. Angular) it will be vulnerable to cross-site request forgery attacks (frequently referred to as CSRF or XSRF).

Bharat Dwarkani shared on Mar 05, 2020
blinkingcaret.com