1 On web application security


This chapter covers

  • Learning why web application security is important
  • Using ASP.NET Core to create web applications and APIs
  • Identifying why certain parts of an application are at risk
  • Exploring what to expect from this book

Nine out of ten web applications have security vulnerabilities. This is the rather frightening conclusion of a study released in 2020 by Positive Technologies (http://mng.bz/mOj2), a provider of various security solutions. Obviously, such studies can often be biased toward the business model of those who conduct them, but several other studies from previous years yielded similar outcomes. Here’s a report about one study from as far back as 2009: http://mng.bz/5Qo1.

The authors of the study also found that about four out of five web application vulnerabilities lie in the application's code rather than in, say, the server configuration. From this, we can deduce two trends:

  • The major security risk for web applications lies in their code.
  • The problem is industry-wide, and the situation does not seem to be getting better.

Often, a lack of security does not immediately show—until it’s too late and a web application has been successfully hacked. It is therefore mandatory to make web application security a top priority and to use security best practices from the very beginning of a project.

1.1 ASP.NET Core: History and options

1.1.1 ASP.NET Core version history

1.1.2 MVC

1.1.3 Razor Pages

1.1.4 Web API

1.1.5 Blazor

1.2 Identifying and mitigating threats

1.2.1 Web application components

1.2.2 Defense in depth

1.3 Security-related APIs

1.4 Security is important