MVC 4.0, Part 07 of 11: Security Concepts

with expert Don Kiely

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 7/2/2013
Level Advanced
Runtime 2h 33m
Closed captioning Included
Transcript Included
eBooks / courseware N/A
Hands-on labs Included
Sample code Included
Exams Included

Course description

In this course you’ll explore a wide range of security threats and a variety of features in MVC that help you protect against them. We’ll start with a discussion of critical security concepts, then look at some of the differences between Web Forms and MVC applications from a security perspective. Then you’ll learn various techniques you can use to protect the integrity of application data, including how you can encrypt configuration file sections, use SSL for various security purposes, and hash passwords for storage. I’ll finish up the course by looking at various serious threats that MVC applications face, and explore some of the options available for protecting against them.

Prerequisites

This course assumes that you are familiar and experienced with Microsoft’s .NET Framework and ASP.NET development tools. You should be familiar with Web development and understand how HTTP and HTML work to produce Web pages for the user. You should have experience writing applications with ASP.NET 4.0 or later Web Forms, be familiar with how ASP.NET processes page requests, and have strong experience with .NET Framework 4.0 or later programming. You should have experience with Visual Studio 2012 for building Web application projects. Experience with building database applications using these tools will be helpful, although not strictly necessary.

Learning Paths

This course will help you prepare for the following certifications and exams:
MCSD: SharePoint Applications
MCSD: Web Applications
70-486: Developing ASP.NET MVC Web Applications

This course is part of the following LearnNowOnline SuccessPaths™:
Building MVC Web Applications

Meet the expert

Don Kiely is a featured instructor on many of our SQL Server and Visual Studio courses. He is a nationally recognized author, instructor, and consultant specializing in Microsoft technologies. Don has many years of teaching experience, is the author or co-author of several programming books, and has spoken at many industry conferences and user groups. In addition, Don is a consultant for a variety of companies that develop distributed applications for public and private organizations.

Course outline



Security

MVC Security Concepts (22:16)
  • Introduction (00:48)
  • Critical Security Concepts (08:52)
  • Web Forms vs. MVC (02:45)
  • OWASP (02:01)
  • The OWASP Top 10 List (07:19)
  • Summary (00:29)
Encrypting Configuration Files (17:57)
  • Introduction (00:41)
  • Encrypting Configuration (01:30)
  • Protected Configuration Providers (01:20)
  • Demo: machine.config (01:39)
  • Demo: Encrypt Connection Strings (04:51)
  • Demo: Encryption Code (04:16)
  • Demo: Encrypt External Files (02:42)
  • Summary (00:55)
Secure Communication (29:10)
  • Introduction (00:43)
  • Secure Communication with SSL (06:57)
  • SSL in MVC (01:51)
  • Demo: Using SSL (04:45)
  • Demo: SSL Port (03:39)
  • Demo: Require SSL (02:43)
  • Demo: Require SSL Index (04:44)
  • Demo: Certificates (03:32)
  • Summary (00:10)
Hashing Passwords (16:23)
  • Introduction (00:07)
  • Hashing Passwords for Storage (03:59)
  • Demo: Hashing Passwords (05:00)
  • Demo: Salted Hash (03:08)
  • Demo: Salted Hash Code (03:45)
  • Summary (00:23)

Security Threats

Cross Site Scripting (16:47)
  • Introduction (00:45)
  • Cross-Site Scripting (XSS) (02:29)
  • Preventing XSS Attacks (09:17)
  • Anti-XSS Library (03:35)
  • Summary (00:39)
SQL Injection (17:59)
  • Introduction (00:48)
  • SQL Injection (00:29)
  • Demo: SQL Injection (07:01)
  • Preventing SQL Injection (08:49)
  • Summary (00:51)
Cross Site Request Forgeries (32:50)
  • Introduction (00:57)
  • Cross-Site Request Forgeries (05:58)
  • Demo: CSRF (03:59)
  • Demo: CSRF Example (03:34)
  • Demo: Transfer Headers (05:19)
  • Preventing CSRF Attacks (05:22)
  • Demo: Anti-Forgery Token (06:40)
  • Summary (00:58)