ASP.NET Core: Preventing attacks 2.0


That's version 2.0 of the talk about the built-in ASP.NET security features, updated and expanded after the .NET Core 2.0 was released. We'll look into the new Microsoft Web framework from the security point of view.

This talk covers the differences in security features of various versions of ASP.NET. We'll see how the built-in security features from XSS and CSRF work now, what cryptography abilities are available off the shelf, how the session management works. This talk will be interesting for developers who work on secure ASP.NET applications, for specialists who do a security review of .NET projects, as well as for everyone who wants to understand the realization of the security components using this platform as an example.

Download presentation

Mikhail Shcherbakov

Mikhail Shcherbakov yu5k3

Independent developer

Mikhail is Microsoft .NET MVP, a participant of .NET Core Bug Bounty Program, .NET community leader in Russia, an independent software developer and consultant. His professional area is static and dynamic code analysis, information security, automatization of debugging code, the research of the internal .NET CLR.

All talks