Configuring Security Headers in ASP.NET 4 and ASP.NET Core 3 Applications

Focused View

Roland Guijt

51:50

8 View

1- Course Overview

01-Course Overview.mp4

01:27

2- How Security Headers Help Protect Your Application

02-Module Overview.mp4

00:42

03-The Browser Is Unsafe - How HTTP Headers Can Help.mp4

03:46

04-Adding HTTP Headers to the Response with Filters.mp4

02:41

05-Using Middleware to Add HTTP Headers.mp4

02:08

06-Emitting HTTP Headers Using the Web.Config and NWebSec.mp4

01:14

07-Determining Which Security Headers Are Needed.mp4

01:15

08-Summary.mp4

00:52

3- Controlling the Browser to Protect Against Cross Site Scripting (XSS) and Click-Jacking Attacks

09-Module Overview.mp4

00:48

10-Cross Site Scripting (XSS) Attacks.mp4

04:56

11-The Content-Security-Policy (CSP) Header.mp4

02:27

12-Writing a Content Security Policy.mp4

04:55

13-Click-Jacking Attacks.mp4

03:06

14-Controlling IFrames with CSP and the x-frame-options Header.mp4

02:35

15-The Feature-Policy Header.mp4

01:32

16-Summary.mp4

00:28

4- Reducing the Attack Surface with X-Content-Type-Options, Subsource Integrity, and by Withholding Version Information

17-Module Overview.mp4

00:45

18. Turning Off MIME Sniffing to Prevent XSS.mp4

03:03

19. Secure CDN Access with the Subresource Integrity Check.mp4

03:34

20. Preventing Leaking of URL Information with the Referrer-policy Header.mp4

05:31

21. Controlling ASP.NET Version Headers.mp4

01:33

22. Preventing Caching with the Cache-Control Header.mp4

01:53

23. Summary.mp4

00:39

Description

After watching this course you'll have the knowledge and skills to mitigate common browser attacks by setting HTTP headers. The code samples are in ASP.NET Core and ASP.NET for .NET Framework.

What You'll Learn?

You’ve heard about attacks like Cross Site Scripting (CSS) and click-jacking. This course, Configuring Security Headers in ASP.NET and ASP.NET Core Applications, will give you the skills needed to mitigate these kinds of attacks by turning on browser features in your ASP.NET(Core) application like Content Security Policy (CSP), Referrer Policy and Feature Policy. By the end of this course you'll not only know how to make these configurations, you'll understand how these attacks work.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

ASP.NET Core

Roland Guijt

Instructor's Courses

Roland is a Microsoft MVP enjoying a constant curiosity around new techniques in software development. His focus is on all things .Net and browser technologies. As a long-time trainer, he led many courses on these topics and spoke about them at international conferences. He also travels around the globe to offer his self-developed workshops. The word that comes to mind when he thinks about software development is passion! Roland lives in The Netherlands with his wife and two boys.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.