.NET core vulnerabilities Course

Customers demand secure products, so security should be a top priority. But without in-depth knowledge of what causes a vulnerability, it is almost impossible to deliver on the customers' expectations. This course addresses .NET Core vulnerabilities.

1 hour, 55 minutes

Course description

As technology progresses, digital space becomes more complex and application development security becomes more challenging. Dangerous code doesn't only affect the software application; it also involves an organization's information assets and reputation. This course will investigate advanced techniques hackers use to attack .NET Core applications and the impact of those vulnerabilities. Sometimes, it takes just a single line of code to overthrow months of hard work.

Syllabus

Insecure cryptographic storage

Video - 00:04:00
Using cryptography to secure and store data is a good practice, but done incorrectly, it can introduce new risks. In this module, we are going to look at some vulnerabilities that are used to exploit this weakness.
File upload

Video - 00:09:00
As the applications are becoming more flexible with file uploads, new risks get introduced. In this module, we are going to look at some unrestricted file uploads and some types of attacks that can be performed.
Security misconfiguration

Video - 00:03:00
The security misconfiguration module will show some of the most common misconfigurations that lead to reduced security, leading to critical vulnerabilities.
Parameter manipulation

Video - 00:02:00
This module will explain how parameters sent between client and server can be manipulated and the implications of this attack.
Session hijacking

Video - 00:05:00
Session hijacking, also known as cookie hijacking, is an attacker's ability to gain user account access by exploiting valid session ID, often referred to as session key. In this module, we discuss session fixation and how a session hijacking attack works.
Unvalidated redirects

Video - 00:04:00
In this module, we will learn how to utilize the redirect feature on URLs and redirect users to fake websites that are hard to spot.
Directory traversal

Video - 00:03:00
Directory traversal is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. In this module, we'll go through the vulnerable code that allows this attack.
Cross-site request forgery

Video - 00:03:00
In this module, we will learn what cross-site request forgery is, also known as one-click attack or session riding, and how it is performed.
Cross-site scripting

Video - 00:31:00
The cross-site scripting vulnerability enables the attackers to inject client-side scripts into web applications. In this module, we will go through to types of this vulnerability, stored and reflected XSS and how to exploit them.
SQL injection

Video - 00:49:00
In the SQL injection module, we will see how one of the main code injection techniques is performed and how bad code practices enable these vulnerabilities.
.NET core vulnerabilities

Video - 00:01:00
There are more security obstacles that you should be aware of. Here's an essential guide to .Net Core vulnerabilities so that you can stay one step ahead of the hackers.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments
Start a Free Trial

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

Buy Now 7-Day Free Trial
  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting
  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust