There are few articles written about the built-in ASP.NET Core security features. Even the official documentation has gaps. We'll explore all the common security features and I'll explain how they work under the hood. If you use the good old ASP.NET, then information about security internals and security best practices will be useful for you. This talk will give you answers to the following questions: How are modern anti-XSS techniques implemented? How to use them correctly? How to work with cookies safely? How was the CSRF prevention mechanism rewritten? How to work with crypto algorithms correctly? Also, I will talk about my experience in the .NET Core Bug Bounty Program. I recommend recalling the OWASP Top 10 attacks before the talk.
Mikhail is a Microsoft .NET MVP, a participant in the .NET Core Bug Bounty Program, a .NET community leader in Russia, and an independent software developer and consultant. His professional areas are static and dynamic code analysis, information security, automation of code debugging, and research into the internals of the .NET CLR.