Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core
|
We think of XML, JSON and binary serialized data as a way to exchange data between applications, but these data formats can also be used by hackers to attack your applications. This course will teach you how you can prevent them.
When we think of attacks on websites and applications, we often think about things like SQL Injection, Cross site request forgery, or attacks on our authentication layer. However, there are other avenues of attack into our applications and these can occur any time our application has to read in XML or JSON or binary data and deserialize that data. This course, Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core, talks about three such attacks: the XML External Entities (XXE) attack, the XML bomb or Billion laughs attack and the Insecure deserialization family of attacks. Two of these attacks, the XML External Entities and Insecure deserialization attack are important enough that they were each placed on the OWASP top 10 list for 2017. When you are finished with this course, you will learn what each of these attacks seeks to do, how they work and most importantly, how to defend your .NET applications against them.
Author Name: David Berry
Author Description:
David Berry is a software engineer with over 15 years of application development experience. He started developing software in Java 1.0 using an Oracle 7 backend. Making the switch to Microsoft .NET when it was released, he has worked with every version of .NET since. He has also worked with every version of Oracle since Oracle 7 and ever version of SQL Server since SQL Server 7. His experience spans a broad range of industries including semiconductors, financial services, insurance an gove… more
Table of Contents
- Course Overview
1min - XML and Deserialization Based Attacks
27mins
User Reviews
Be the first to review “Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core”
Related Products
Maintaining Deployment Security in Microsoft Azure
This course identifies the resources, tools, and methods needed to maintain the security of your deployed resources in Azure.
Implementing Host Security in Microsoft Azure
This course identifies the resources, tools, and methods needed to secure hosts in Azure as well as hosts connecting to Azure.
Cisco Enterprise Networks: Infrastructure Security
In this course, you'll learn how to configure DHCP snooping, IP source guard, dynamic ARP inspection (DAI), port security, storm control, RADIUS, and TACACS+.
Using Microsoft Azure Security Tools to Protect AI Solutions
As more and more systems are automated with the use of AI, securing AI solutions is of paramount importance. In this course, you will explore the various facilities Azure offers to secure Azure machine service learning solutions.
Malware Analysis: Identifying and Defeating Code Obfuscation
Malware authors routinely utilize obfuscation techniques to complicate the analysis of their code. This course will teach you techniques for identifying and defeating code obfuscation so that key characteristics and behaviors can be identified.
Cryptography Fundamentals for Developers and Security Professionals
Cryptography ensures confidentiality and authenticity of digital documents. The mathematics behind cryptography show us why, and how far, it can be trusted.
There are no reviews yet.