Building Secure ASP.NET Core MVC Applications

Explore the security aspects of building ASP.NET Core MVC applications in this 32-minute conference talk from AppSecUSA 2017. Delve into the default security features of ASP.NET Core, a new open-source and cross-platform framework, and learn how it addresses common vulnerabilities like Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Discover the framework's modular approach and its flexibility in creating secure solutions across Windows, Mac, and Linux platforms. Gain insights from security researcher Niels Tanis as he examines the framework's APIs, demonstrates how to extend security measures, and shows how to validate existing solutions. Cover topics including controllers, data processing, input validation, SameSite cookies, and code analysis limitations. Enhance your understanding of secure application development in the context of ASP.NET Core MVC.

Introduction
ASPNET Core
ModelViewController
Starting a New Project
Controllers
Advanced Controller
Data Processing
Data Assignment
Content Result
Input Validation
SameSide Cookies
Using SameSide Cookies
Code Analysis
Limitations
Conclusion