There are few articles written about the built-in ASP.NET Core security features. Even the official documentation has gaps. We’ll explore all common security features and I’ll explain how they work under the hood. If you use the good old ASP.NET, then information about security internals and security best practices will be useful for you. This talk will give you answers to the following questions: How are modern anti-XSS techniques implemented? How to use them correctly? How to work with cookies safely? How was the CSRF prevention mechanism rewritten? How to work with crypto algorithms correctly? Also, I will talk about my experience in the .NET Core Bug Bounty Program. I recommend recalling the OWASP Top 10 attacks before the talk.
Mikhail is a Microsoft .NET MVP, a .NET community leader in St. Petersburg and Moscow, and an independent software developer and consultant. His professional areas are static and dynamic code analysis, information security, automation of code debugging, and research of .NET CLR internals.