MVC 4.0, Part 07: Security Concepts

with expert Don Kiely

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack
  • Power Pack Plus

Release date: 7/2/2013
Level: Advanced
Runtime: 2h 33m
Platform: Major browsers on Windows, Major browsers on Mac OSX, Mobile Devices
Closed captioning: Included
Transcript: Included
eBooks / courseware: N/A
Hands-on labs: Included
Sample code: Included
Exams: Included

Course description

In this course you’ll explore a wide range of security threats and a variety of features in MVC that help you protect against them. We’ll start with a discussion of critical security concepts, then look at some of the differences between Web Forms and MVC applications from a security perspective. Then you’ll learn various techniques you can use to protect the integrity of application data, including how you can encrypt configuration file sections, use SSL for various security purposes, and hash passwords for storage. I’ll finish up the course by looking at various serious threats that MVC applications face, and explore some of the options available for protecting against them.


This course assumes that you are familiar and experienced with Microsoft’s .NET Framework and ASP.NET development tools. You should be familiar with Web development and understand how HTTP and HTML work to produce Web pages for the user. You should have experience writing applications with ASP.NET 4.0 or later Web Forms, be familiar with how ASP.NET processes page requests, and have strong experience with .NET Framework 4.0 or later programming. You should have experience with Visual Studio 2012 for building Web application projects. Experience with building database applications using these tools will be helpful, although not strictly necessary.

Prepare for certification

This course will help you prepare for:
70-486 Developing ASP.NET MVC Web Applications
70-486 Developing ASP.NET MVC 4 Web Applications

This course will help you earn:
MCSD: SharePoint Applications
MCSD: Web Applications

Meet the expert

Don Kiely is a featured instructor on many of our SQL Server and Visual Studio courses. He is a nationally recognized author, instructor, and consultant, specializing in Microsoft technologies. Don has many years of teaching experience, is the author or co-author of several programming books, and has spoken at many industry conferences and user groups. In addition, Don is a consultant for a variety of companies that develop distributed applications for public and private organizations.

Course outline


MVC Security Concepts (22:16)
  • Introduction (00:48)
  • Critical Security Concepts (08:52)
  • Web Forms vs. MVC (02:45)
  • OWASP (02:01)
  • The OWASP Top 10 List (07:19)
  • Summary (00:29)
Encrypting Configuration Files (17:57)
  • Introduction (00:41)
  • Encrypting Configuration (01:30)
  • Protected Configuration Providers (01:20)
  • Demo: machine.config (01:39)
  • Demo: Encrypt Connection Strings (04:51)
  • Demo: Encryption Code (04:16)
  • Demo: Encrypt External Files (02:42)
  • Summary (00:55)
Secure Communication (29:10)
  • Introduction (00:43)
  • Secure Communication with SSL (06:57)
  • SSL in MVC (01:51)
  • Demo: Using SSL (04:45)
  • Demo: SSL Port (03:39)
  • Demo: Require SSL (02:43)
  • Demo: Require SSL Index (04:44)
  • Demo: Certificates (03:32)
  • Summary (00:10)
Hashing Passwords (16:23)
  • Introduction (00:07)
  • Hashing Passwords for Storage (03:59)
  • Demo: Hashing Passwords (05:00)
  • Demo: Salted Hash (03:08)
  • Demo: Salted Hash Code (03:45)
  • Summary (00:23)

Security Threats

Cross Site Scripting (16:47)
  • Introduction (00:45)
  • Cross-Site Scripting (XSS) (02:29)
  • Preventing XSS Attacks (09:17)
  • Anti-XSS Library (03:35)
  • Summary (00:39)
SQL Injection (17:59)
  • Introduction (00:48)
  • SQL Injection (00:29)
  • Demo: SQL Injection (07:01)
  • Preventing SQL Injection (08:49)
  • Summary (00:51)
Cross Site Request Forgeries (32:50)
  • Introduction (00:57)
  • Cross-Site Request Forgeries (05:58)
  • Demo: CSRF (03:59)
  • Demo: CSRF Example (03:34)
  • Demo: Transfer Headers (05:19)
  • Preventing CSRF Attacks (05:22)
  • Demo: Anti-Forgery Token (06:40)
  • Summary (00:58)