Book Image

ASP.NET Core 5 Secure Coding Cookbook

By : Roman Canlas
Book Image

ASP.NET Core 5 Secure Coding Cookbook

By: Roman Canlas

Overview of this book

ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests. In ASP.NET Secure Coding Cookbook, you’ll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you’ll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You’ll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code. By the end of this book, you’ll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you’ll have gained hands-on experience in removing vulnerabilities and security defects from your code.
Table of Contents (15 chapters)

Fixing user enumeration

Every single piece of information is vital to a malicious actor. Knowing if a user exists in a web application gives the attacker leverage to execute a more damaging and successful attack. Protect your ASP.NET Core web application by not providing this information by displaying general messages during authentication failures.

In this recipe, we will change the code that displays the not-so generic error message to prevent user enumeration attacks.

Getting ready

Using Visual Studio Code, open the sample Online Banking app folder at \Chapter03\user-emumeration\before\OnlineBankingApp.

Testing user enumeration

Follow these steps:

  1. Navigate to Terminal | New Terminal in the menu or simply press Ctrl + Shift + ' in Visual Studio Code.
  2. Type the following command in the Terminal to build and run the sample app:
    dotnet run
  3. Open a browser and go to http://localhost:5000.
  4. The browser will display the login page (see Figure 3.1).
  5. ...