We may earn an affiliate commission when you visit our partners.
Pluralsight logo

Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core

David Berry
When we think of attacks on websites and applications, we often think about things like SQL injection, cross-site request forgery, or attacks on our authentication layer. However, there are other avenues of attack into our applications, and these can occur any time our application has to read in XML, JSON, or binary data and deserialize that data. This course, Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core, covers three such attacks: the XML External Entities (XXE) attack, the XML bomb or Billion Laughs attack, and the insecure deserialization family of attacks. Two of these, XML External Entities and insecure deserialization, are important enough that each was placed on the OWASP Top 10 list for 2017. By the end of this course, you will know what each of these attacks seeks to do, how they work, and, most importantly, how to defend your .NET applications against them.

Good to know

Know what's good, what to watch for, and possible dealbreakers
Qualifies learners to address an important class of cyberattacks
Taught by David Berry, recognized for his work in security and software development
Explores a topic highly relevant to the software development industry

Career center

Learners who complete Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core will develop knowledge and skills that may be useful to these careers:
Chief Information Security Officer (CISO)
Chief Information Security Officers (CISOs) are responsible for developing and implementing an organization's IT security strategy. This course may be useful to those aspiring for this role by providing them with comprehensive knowledge on defending against threats like XML External Entities and deserialization attacks.
Information Technology Auditor
An Information Technology Auditor may find this course useful for gaining knowledge in identifying and mitigating threats like XML External Entities and deserialization attacks, helping to ensure the security of IT systems and data.
Security Analyst
Security Analysts, responsible for monitoring and analyzing security threats, can strengthen their knowledge of identifying and mitigating threats like XML External Entities and deserialization attacks through this course.
Ethical Hacker
Ethical Hackers, who use their skills to identify and exploit security vulnerabilities, can benefit from this course by gaining knowledge on how to defend against threats like XML External Entities and deserialization attacks, giving them a deeper understanding of security vulnerabilities.
Penetration Tester
Penetration Testers are responsible for testing the security of computer systems and networks. This course may be useful for those wanting to enter this role by providing knowledge on common security threats like XML External Entities and deserialization attacks, helping to build a foundation in the industry.
Incident Responder
Incident Responders, who must have extensive knowledge of security threats and mitigation strategies, can use this course to gain specific knowledge on how to identify and defend against XML External Entities and deserialization attacks.
Security Researcher
Security Researchers play a vital role in uncovering vulnerabilities in software systems. This course can be useful to those in this role by providing specific knowledge in defending against threats like XML External Entities and deserialization attacks, strengthening their understanding of security vulnerabilities and mitigations.
Security Consultant
Security Consultants, who help organizations develop and implement security plans, can leverage this course to enhance their skills in identifying and mitigating threats like XML External Entities and deserialization attacks, making them more valuable to clients.
Network Security Engineer
A Network Security Engineer, typically requiring at least a bachelor's degree in Computer Science or similar, can benefit from this course by expanding their knowledge of defending against XML External Entities and deserialization attacks.
Cybersecurity Engineer
Cybersecurity Engineers with a bachelor's degree in a relevant field and several years experience can leverage this course to enhance their knowledge of protecting against threats like XML External Entities and deserialization attacks.
Security Architect
A Security Architect helps an organization to define and build IT security architectures. This course may be useful to one in this role by providing a strong foundation in identifying and defending against threats like XML External Entities and deserialization attacks.
Software Engineer
Software Engineers can benefit from this course by learning how to protect software applications and systems. By learning to prevent attacks like XML External Entities and deserialization, Software Engineers can build more secure, robust software.
Information Security Analyst
An Information Security Analyst typically requires a master's degree in Information Security but may enter the field with a bachelor's and relevant certifications. This course may serve as a stepping stone for those looking to enter this role by providing fundamental knowledge on security threats and mitigation strategies.
Web Developer
Web Developers, who design and create websites and applications, may find this course helpful in protecting against serious security flaws. By teaching how to defend against threats like XML External Entities and deserialization attacks, this course may help Web Developers ensure their applications are secure.
Computer Security Analyst
A Computer Security Analyst helps build a foundation in the fundamentals of Computer Security. This course may be useful to those who wish to enter this field by providing essential mitigation strategies, such as how to protect against threats like XML External Entities and deserialization attacks, and best practices for preventing them.

Reading list

We haven't picked any books for this reading list yet.
Provides a comprehensive overview of insecure deserialization vulnerabilities and how to prevent them in Java applications. It covers both the technical details of the vulnerabilities and the practical steps that developers can take to mitigate them.
Provides a practical guide to web security for developers. It covers a wide range of topics, including insecure deserialization, and provides step-by-step instructions on how to prevent these vulnerabilities in web applications.
Provides a comprehensive overview of web application security vulnerabilities, including insecure deserialization. It covers both the technical details of the vulnerabilities and the practical steps that attackers can take to exploit them.
Provides a comprehensive overview of secure coding practices in Java. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to write secure Java code.
Provides a comprehensive overview of secure coding practices. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to write secure code in a variety of programming languages.
Provides a set of coding conventions for developing secure Java applications. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to write secure Java code.
Provides a comprehensive overview of Java security. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to develop secure Java applications.
Provides a comprehensive overview of software security assessment. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to identify and prevent software vulnerabilities.
Provides a comprehensive overview of software security. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to develop secure software.
Provides a comprehensive overview of secure coding principles and practices. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to write secure code in a variety of programming languages.
Provides a comprehensive overview of cryptography and network security. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to implement secure cryptographic and network security solutions.
Provides a practical overview of network security. It covers a wide range of topics, including insecure deserialization, and provides practical guidance on how to implement secure network security solutions.
Provides a step-by-step guide to understanding the ten most common web application security vulnerabilities, and how to exploit them to gain unauthorized access to websites and applications.
Uses Java as a case study to teach secure coding practices and how to avoid the most common application security vulnerabilities.
Provides a gentle introduction to web application security for beginners, covering the basics of web application security and the OWASP Top 10.
Provides a cookbook of recipes for testing web applications for security vulnerabilities, covering a wide range of topics from basic to advanced.
Provides one of the best introductions to the Java programming language and a great starting point for learning how to write secure code.
Provides a comprehensive guide to software security testing, covering a wide range of topics from threat modeling to penetration testing.
Provides a concise guide to the OWASP Top 10 for developers, covering the most critical web application security risks and how to mitigate them.
Provides a concise guide to the OWASP Top 10 for penetration testers, covering the most critical web application security risks and how to exploit them.


© 2016 - 2024 OpenCourser