Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core

When we think about attacks on websites or applications, we often think of SQL Injection, Cross-site request forgery, and attacks on our authentication layer. There are many other ways to attack our applications. These can happen whenever our application needs to read binary or JSON data or XML data. Protecting Against XML External Entity Attacks in ASP.NET Core and ASP.NET Core explains three of these attacks: the XML External Entities attack, the XML bomb, or Billion laughs attack, and the Insecure Deserialization family. The XML External Entities attack and the Insecure deserialization attacks were both important enough to be included on the OWASP top 10. List for 2017. After you complete this course, you'll learn about the attacks, their mechanisms, and how you can defend your.NET applications.