Part 2 Mitigating common attacks

 

Web application security is a topic that’s over 20 years old. Over time, several novel ways to attack a web application have emerged, and new twists on decades-old attacks have been invented. This part of the book discusses the most common attacks against websites and how to mitigate them with ASP.NET Core.

Chapter 2 will focus on cross-site scripting (XSS), an attack that basically consists of JavaScript injection. Chapter 3 will feature several attacks against state management; sessions are especially at risk.

In Chapter 4, cross-site request forgery (CSRF) will be explained in detail, including the built-in safeguards of ASP.NET Core and features in modern browsers that make this attack hard to pull off. Chapter 5 covers data validation with ASP.NET Core (and what can go wrong if you don’t do it correctly). Many attacks are enabled by not properly handling incoming data, and this chapter shows effective countermeasures.

Finally, Chapter 6 talks about SQL injection, probably one of the oldest attacks around, yet still dangerous. As usual, ASP.NET Core comes prepared and provides solid mechanisms to protect the application.
