YoVDO

Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core

Offered By: Pluralsight

Tags

ASP.NET Core Courses Cybersecurity Courses XML External Entity (XXE) Injection Courses Application Security Courses Insecure Deserialization Courses

Course Description

Overview

We think of XML, JSON and binary serialized data as a way to exchange data between applications, but these data formats can also be used by hackers to attack your applications. This course will teach you how you can prevent them.

When we think of attacks on websites and applications, we often think about things like SQL Injection, Cross site request forgery, or attacks on our authentication layer. However, there are other avenues of attack into our applications and these can occur any time our application has to read in XML or JSON or binary data and deserialize that data. This course, Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core, talks about three such attacks: the XML External Entities (XXE) attack, the XML bomb or Billion laughs attack and the Insecure deserialization family of attacks. Two of these attacks, the XML External Entities and Insecure deserialization attack are important enough that they were each placed on the OWASP top 10 list for 2017. When you are finished with this course, you will learn what each of these attacks seeks to do, how they work and most importantly, how to defend your .NET applications against them.

Taught by

David Berry

Related Courses

OWASP Top 10: #7 XSS and #8 Insecure Deserialization
LinkedIn Learning
Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals
EC-Council via FutureLearn
An Introduction to OWASP Top 10 Vulnerabilities
Udemy