In this course, you will learn how to manage validation and prevent cross-site scripting and cross-site request forgery attacks, and how to implement a custom membership provider for ASP.NET MVC web applications.
Learning Objectives
Implementing Secure Sites
- start the course
- use HTML form encoding to prevent cross-site scripting attacks in an ASP.NET MVC web application
- create and apply a salt to a hashed password before storing it in an ASP.NET MVC web application
- create and use an SSL client certificate to provide SSL authentication in an ASP.NET MVC web application
- encrypt a section of a application configuration file in ASP.NET MVC web application in Visual Studio 2017
- implement deferred request validation in an ASP.NET MVC web application
- use the AllowHtml attribute to disable request validation for a model property in an ASP.NET MVC web application
- use the ValidateInput attribute to disable validation for an MVC controller action in an ASP.NET MVC web application
- use parameterized SQL queries to prevent SQL injection attacks in an ASP.NET MVC web application
- use an anti-forgery token along with the ValidateAntiForgeryTokenAttribute to protect against cross-site request forgery attacks in an ASP.NET MVC web application
Implementing Custom Membership Providers
- set up a model class for a custom membership provider in an ASP.NET MVC web application in Visual Studio 2017
- configure a custom membership provider in an ASP.NET MVC web application in Visual Studio 2017
- test the operation of a custom membership provider in an ASP.NET MVC web application in Visual Studio 2017
Practice: Securing Communication
- secure communication by applying SSL certificates; salt and hash passwords for storage