Once your application is published, it will come under attack. Most of these attacks will be automated, probing for well-known vulnerabilities. You will probably be surprised to see requests being logged for URLs that include phpmyadmin, or the names of popular third-party component libraries you don’t even use. The HTTPS protocol underpins the security of any website. We will begin this chapter with a reminder of the importance of HTTPS and learning how to configure your application to use HTTPS.
Then we will look at the threats posed to your application in more detail, focusing on the most common of these according to the Open Web Application Security Project (OWASP) (https://owasp.org/). You will learn how the Razor Pages framework has been designed specifically to protect you from various threats and how to maintain security should you find the need to bypass these safeguards.